Asegúr@IT IV - Remote File Downloading, by Chema Alonso
The document discusses blind SQL injection attacks, where an attacker can extract information from a database without seeing the results directly. It describes how an attacker analyzes differences in responses to determine true or false results. Various techniques are presented, including booleanization, tools for automating extraction, and downloading files by querying data loaded into temporary tables. Time-based techniques using delays are also covered. The document demonstrates attacks on Microsoft SQL Server, Oracle, and MySQL databases.
MySQL 8 introduces support for ANSI SQL recursive queries with common table expressions, a powerful method for working with recursive data references. Until now, MySQL application developers have had to use workarounds for hierarchical data relationships. It's time to write SQL queries in a more standardized way, and be compatible with other brands of SQL implementations. But as always, the bottom line is: how does it perform? This presentation will briefly describe how to use recursive queries, and then test the performance and scalability of those queries against other solutions for hierarchical queries.
Avoiding cursors with SQL Server 2005 (TechRepublic), by Kaing Menglieng
The document discusses how to avoid using cursors in SQL Server 2005 when executing queries. It presents a scenario where cursors would traditionally be used to loop through inventory transaction records and calculate the remaining inventory each day. It then shows two methods using new SQL 2005 features like common table expressions and window functions to solve the problem with a single query instead of cursors. Avoiding cursors improves performance since sets are processed at once rather than row-by-row.
Using Fuzzy Code Search to Link Code Fragments in Discussions to Source Code, by Nicolas Bettenburg
Talk on Using Fuzzy Code Search to Link Code Fragments in Discussions to Source Code, given at the 16th European Conference on Software Maintenance and Reengineering (CSMR'12) in Hungary.
This document discusses ORM injection vulnerabilities using Hibernate and MySQL as an example. It begins with an introduction to injection vulnerabilities and ORM concepts. It then demonstrates how SQL injection is possible by exploiting differences in escaping rules between HQL and MySQL. A proof of concept shows injecting HQL to retrieve all records, and injecting SQL directly by escaping quotes differently. The document concludes that input validation and parameterized queries are needed to prevent ORM injection, and frameworks may not fully prevent injection depending on the underlying database.
You find a column named EntityNum in a table you manage, but what data belongs in this column? Not every detail of usage is clear from just SQL data type and constraints. What is the sensible range of values? Unit of measure? How is the column used by applications? Who in the world knows? We need a way to add comments to the database schema, just as we would write comments in application code to document how programmers should use it. But comments are useful only if they're correct and current, and if they're easy to read and to update. Schemadoc is an experimental tool to help in these goals.
Artem Storozhuk, "Building SQL firewall: insights from developers", Fwdays
The document discusses using a database firewall as an additional layer of defense against SQL injections. It provides an overview of SQL injections and common techniques for preventing them, such as input validation and using web application firewalls (WAFs). However, WAFs have limitations like not being able to detect some SQL injections or protect against authorized users. The document then proposes using a database proxy firewall between the database and applications. It describes some open source database proxy firewalls and provides an example of AcraCensor, an open source database firewall that uses whitelist and blacklist rules to filter queries. It also discusses challenges in developing a database firewall and provides performance test results showing AcraCensor adds around 6.7% overhead to query processing.
Solr is an open source enterprise search platform built on Apache Lucene. It provides full-text search, hit highlighting, faceted search, and handles various document formats. Ajax-Solr is a JavaScript library that offers an autocomplete feature searching multiple fields and faceted search using tag clouds to interface with Solr. It follows the MVC pattern and can be deployed by customizing the configuration and fields used in examples/reuters-requirejs.
The document contains details of 9 practical assignments for an Advance Java course. Each practical assignment involves developing a Java program or application to demonstrate a concept. For example, Practical 01 involves creating a program to select stationary products and display prices; Practical 02 creates an editable employee table; Practical 03 uses a split pane to display planet images; and so on. The final practical involves developing a room reservation system using Enterprise Java Beans.
The document discusses Structured Query Language (SQL) and Java Database Connectivity (JDBC). It provides examples of using SQL statements like SELECT, INSERT, UPDATE, DELETE to query and manipulate data in database tables. It also demonstrates how to connect to databases like MySQL from Java using JDBC, execute SQL queries to retrieve and manipulate data, handle transactions and exceptions. Key classes discussed are Connection, Statement, PreparedStatement, CallableStatement and their methods.
Using simple attack examples, this explains four common kinds of SQL Injection (Union Based Injection, Error Based Injection, Boolean Based Blind Injection, Time Based Blind Injection) and introduces a commonly used tool, sqlmap.
Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc., Lucidworks
The document discusses Solr segments and segment merging. It begins with an overview of segments, what they are, and how they are used. It then covers topics like writing, modifying, and merging segments. It discusses force merging and its performance implications. The document also provides information on configuring the merge policy factory, merge scheduler, and segment warmer to optimize merging.
SQL injection is a code injection technique that exploits security vulnerabilities in web applications by inserting malicious SQL statements into input fields. When user-supplied input is inserted into a SQL query without validation or sanitization, an attacker can manipulate the SQL statement and gain unauthorized access to sensitive data or make unauthorized changes by supplying specially crafted input containing SQL keywords and operators. Common defenses include sanitizing all user input, using parameterized queries instead of dynamic SQL, and running database access with least privileges.
Presented by Rafal Kuć, Consultant and Software engineer, Sematext Group, Inc.
Even though Solr can run without causing any troubles for long periods of time it is very important to monitor and understand what is happening in your cluster. In this session you will learn how to use various tools to monitor how Solr is behaving at a high level, but also on Lucene, JVM, and operating system level. You'll see how to react to what you see and how to make changes to configuration, index structure and shards layout using Solr API. We will also discuss different performance metrics to which you ought to pay extra attention. Finally, you'll learn what to do when things go awry - we will share a few examples of troubleshooting and then dissect what was wrong and what had to be done to make things work again.
Tutorial on developing a Solr search component pluginsearchbox-com
In this set of slides we give a step by step tutorial on how to develop a fully functional solr search component plugin. Additionally we provide links to full source code which can be used as a template to rapidly start creating your own search components.
This document provides an overview of Apache Solr, an open source search platform based on Lucene. It discusses how Solr works, including indexing documents, defining schemas, querying the index via HTTP requests, and returning results in XML or JSON format. The document also provides examples of queries, updating the index, and customizing the analyzer for Thai language support.
Solr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UN, Lucidworks
Solr and Elasticsearch are both based on Lucene and provide full-text search and structured search capabilities. They differ in areas like configuration, indexing documents, and representing search parameters. Both allow indexing and searching large volumes of documents and facilitating fast and complex queries.
The document discusses various .NET framework fundamentals including value types that contain data directly in memory versus reference types that store a reference to data on the heap. It also covers creating classes and structs, inheritance, interfaces, generics, and events. Specific examples are provided on declaring and using value types, creating user-defined types like an enum or struct, and constructing classes that inherit from a base class or implement interfaces.
The document discusses using JSON in MySQL. It begins by introducing the speaker and outlining topics to be covered, including why JSON is useful, loading JSON data into MySQL, performance considerations when querying JSON data, using generated columns with JSON, and searching multi-valued attributes in JSON. The document then dives into examples demonstrating loading sample data from XML to JSON in MySQL, issues that can arise, and techniques for optimizing JSON queries using generated columns and indexes.
Porting Oracle applications to PostgreSQL can be difficult due to differences in SQL syntax, data types, functions, and PL/SQL implementations between the databases. While many elements like table definitions and queries may port easily, issues arise with data types, functions, outer joins, null values, triggers, date/time handling, and PL/SQL syntax. A full rewrite may be preferable to porting in many cases. Careful evaluation and planning is needed to determine the best approach.
The next major release of Solr is right around the corner! Join Solr Committer Cassandra Targett and Lucidworks SVP of Engineering Trey Grainger for a first look into what’s included in the upcoming release.
This document provides an introduction and overview of Cassandra and NoSQL databases. It discusses the challenges faced by modern web applications that led to the development of NoSQL databases. It then describes Cassandra's data model, API, consistency model, and architecture including write path, read path, compactions, and more. Key features of Cassandra like tunable consistency levels and high availability are also highlighted.
Embedded Typesafe Domain Specific Languages for Java, by Jevgeni Kabanov
The document discusses embedded domain-specific languages (DSLs) for Java and provides two case studies:
1) Building SQL queries using a typesafe DSL that avoids errors and allows type inference.
2) Modifying Java bytecode using the ASM library to define a DSL for bytecode engineering.
This document discusses SQL skills and how queries can negatively impact server performance if not written efficiently. It covers topics like query plans, execution contexts, using parameters, indexing, handling large datasets, and external influences on SQL performance. Specific "bad" SQL examples are also provided and analyzed. The presenter aims to help developers optimize their SQL and prevent poorly written queries from bringing servers to their knees.
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER, by Andrey Karpov
Static code analysis tools can analyze Java programs to find defects without executing the code. They use techniques like pattern matching, type inference, data flow analysis and symbolic execution. PVS-Studio is a static analysis tool for Java that was created using lessons from a C++ analyzer. It finds bugs like integer divisions by zero, dead code, copy-paste errors and other defects. Integrating static analysis into development processes helps improve code quality over time by detecting and fixing issues early.
The document provides templates and examples for creating Swing-based GUI applications, servlets, Java Server Pages (JSP), Java Database Connectivity (JDBC), Java Server Faces (JSF), Enterprise Java Beans (EJB), Hibernate, Struts, and web services in Java. It includes templates for common GUI components, servlets, JSP tags, database queries, managed beans, navigation rules, entity beans, Hibernate mappings, actions, and web service providers/consumers.
Article about the X Forum AUSAPE 2014, at which Chema Alonso was a speaker. Also an article in the guest-author section on "Problem Between Chair & Keyboard". The video of the conference is available at the following URL:
https://www.youtube.com/watch?v=jTdmPC9Bpk0
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks, by Chema Alonso
Work carried out to measure the degree of insecurity of a WiFi network to which a computer connects. It analyzes the security measures, the risk, and the reasons why insecure WiFi networks exist.
This document analyzes LDAP injection techniques that can be used to exploit vulnerabilities in web applications that use LDAP directories. It discusses two types of LDAP injection - classic and blind. Classic injection allows attackers to directly execute malicious queries by appending injected code that will be processed by the LDAP server. Blind injection uses a binary approach to infer information from the server response without error messages. The document examines real examples of how attackers can use injected queries to view restricted documents or obtain a full list of users from the LDAP directory. It emphasizes that input validation is needed to prevent both classic and blind LDAP injection attacks.
Metadata Security: MetaShield Protector, by Chema Alonso
This document discusses how metadata, hidden information, and lost data can be extracted from files using tools like FOCA for tactical fingerprinting purposes. It provides examples of the types of information that can be found, such as users, paths, devices, and more. The document warns that most people and organizations are unaware of these issues and fail to properly clean files before publishing them. It demonstrates how tools can extract this extra information and identifies weaknesses in common file types and cleaning procedures. The author encourages thorough cleaning of documents and limiting what users publish to avoid unintentionally leaking sensitive information.
Disclosing Private Information from Metadata, hidden info and lost data, by Chema Alonso
Documents contain metadata and hidden information that can be used to disclose private data and to fingerprint an organisation and its network computers. This document shows what kinds of data can be found, how to extract them, and proposes some solutions to the problem stated here.
Presentation given on 3 July introducing the Latch plugins for OS X, Latch for Windows [Personal/Enterprise] Edition and Latch for Linux. The plugins are available at: https://latch.elevenpaths.com/www/plugins_sdks.html
How "·$% developers defeat the web vulnerability scanners, by Chema Alonso
How "·$% developers defeat the web vulnerability scanners - Presentation Transcript
1. How ?¿$·& developers defeat the most famous web vulnerability scanners… or how to recognize old friends. Chema Alonso, Informática64; José Parada, Microsoft Ibérica
2. Agenda
1.- Introduction
2.- Inverted Queries
3.- Arithmetic Blind SQL Injection
4.- Time-Based Blind SQL Injection using Heavy Queries
5.- Conclusions
3. 1.- Introduction
4. SQL Injection is still here among us
5. Web Application Security Consortium: Comparison http://projects.webappsec.org/Web-Application-Security-Statistics 12.186 sites, 97.554 bugs
6. Need to Improve Automatic Scanning
Manual scanning is not always possible:
Time
Confidentiality
Money, money, money…
We need to study new ways to recognize old-fashioned vulnerabilities in order to improve automatic scanning tools.
7. 2.- Inverted Queries
8.
9. Homers, how are they?
Lazy
Badly trained
Poor experience in security stuff
Don't like working
Don't like computing
Don't like coding
Don't like you!
10. Flanders are Left-handed
11. Right
SELECT UID
FROM USERS
WHERE NAME='V_NAME'
AND
PASSWORD='V_PASSW';
12. Wrong?
SELECT UID
FROM USERS
WHERE 'V_NAME'=NAME AND
'V_PASSW'=PASSWORD
13. Login Inverted Query
Select uid
From users where 'v_name'=name and 'v_pass'=password
http://www.web.com/login.php?v_name=Robert&v_pass=Kubica' or '1'='1
Select uid
From users where 'Robert'=name and 'Kubica' or '1'='1'=password
FAIL
14. Login Inverted SQL Injection, an example
Select uid
From users where 'v_name'=name and 'v_pass'=password
http://www.web.com/login.php?v_name=Robert&v_pass='='' or '1'='1' or 'Kubica
Select uid
From users where 'Robert'=name and ''='' or '1'='1' or 'Kubica'=password
Success
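The point of slides 13 and 14 is that writing the comparison "backwards" changes which payload works, not whether the login is injectable. The script below is an added example (not code from the talk) that runs both inverted queries from the slides against a throwaway SQLite database: the concatenated query rejects the classic payload from slide 13 but accepts the inverted payload from slide 14, while the same inverted query with bound parameters rejects both. The table, rows and credentials are constructed for the demo.

```python
import sqlite3

# Constructed sample table; the names and passwords are invented for this demo.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (uid INTEGER, name TEXT, password TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "Robert", "s3cret"), (2, "Fernando", "hunter2")],
    )
    return con


def login_inverted_concat(con, v_name, v_pass):
    """Vulnerable: the 'inverted' query from the slides, built by string concatenation."""
    sql = ("SELECT uid FROM users WHERE '" + v_name + "'=name AND '"
           + v_pass + "'=password")
    try:
        return sorted(row[0] for row in con.execute(sql))
    except sqlite3.Error:
        return None  # the injected text broke the statement; nothing was returned


def login_parameterized(con, v_name, v_pass):
    """Hardened: same inverted form, but the values are bound as parameters."""
    sql = "SELECT uid FROM users WHERE ?=name AND ?=password"
    return sorted(row[0] for row in con.execute(sql, (v_name, v_pass)))


# The two v_pass values shown on slides 13 and 14.
CLASSIC_PAYLOAD = "Kubica' or '1'='1"
INVERTED_PAYLOAD = "'='' or '1'='1' or 'Kubica"


def demo():
    """Returns which uids each query/input combination lets through."""
    con = make_db()
    return {
        # legitimate credentials: exactly one uid
        "legit": login_inverted_concat(con, "Robert", "s3cret"),
        # slide 13: classic payload against the inverted query -> FAIL (no rows)
        "classic_vs_inverted": login_inverted_concat(con, "Robert", CLASSIC_PAYLOAD),
        # slide 14: inverted payload against the inverted query -> every uid
        "inverted_vs_inverted": login_inverted_concat(con, "Robert", INVERTED_PAYLOAD),
        # bound parameters: both payloads are just strings that match no password
        "param_classic": login_parameterized(con, "Robert", CLASSIC_PAYLOAD),
        "param_inverted": login_parameterized(con, "Robert", INVERTED_PAYLOAD),
    }


if __name__ == "__main__":
    for case, uids in demo().items():
        print(f"{case:22s} -> {uids}")
```

A scanner that only tries the classic `' or '1'='1` shape sees the FAIL of slide 13 and moves on; the parameterized version is the one that actually closes the hole, because the operand order of the comparison never enters into it.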
15. Blind Attacks
The attacker injects code but can't access the data directly.
However, this injection changes the behavior of the web application.
The attacker then looks for differences between true code injections (1=1) and false code injections (1=2) in the response pages to extract data.
Blind SQL Injection
Blind XPath Injection
Blind LDAP Injection
16. Blind SQL Injection Attacks
Attacker injects:
"True where clauses"
"False where clauses"
Ex:
Program.php?id=1 and 1=1
Program.php?id=1 and 1=2
The program doesn't return any visible data from the database, nor any data in error messages.
The attacker can't see any data extracted from the database.
17. Blind SQL Injection Attacks
The attacker analyzes the response pages looking for differences between the "True-Answer Page" and the "False-Answer Page":
Different hashes
Different HTML structure
Different patterns (keywords)
Different linear ASCII sums
"Different behavior"
For example: response time
18.Blind SQL Injection Attacks
If any difference exists, then:
The attacker can extract all the information from the database.
How? Using "booleanization".
MySQL:
Program.php?id=1 and 100>(ASCII(Substring(user(),1,1)))
"True-Answer Page" or "False-Answer Page"?
MSSQL:
Program.php?id=1 and 100>(Select top 1 ASCII(Substring(name,1,1)) from sysusers)
Oracle:
Program.php?id=1 and 100>(Select ASCII(Sub
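Slides 15 to 18 describe the attacker's side: a true/false probe pair on one parameter, then character-by-character booleanization behind a comparison. The same pattern is what a defender should look for in web server logs. The Python detector below is an added example, not code from the original talk: it parses constructed Apache-style access-log lines, decodes the query string, classifies each parameter value as a true clause, a false clause or a booleanization probe, and reports, per client and parameter, whether both halves of the pair were seen and whether the response sizes differed (the "different pages" signal the attacker depends on). The log lines, client addresses and function names are all constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (sample input, not from the slides).
# Client 10.0.0.5 sends the true/false pair from slide 16 and then the MySQL
# booleanization probe from slide 18; client 10.0.0.9 is ordinary traffic.
LOG_LINES = [
    '10.0.0.5 - - [09/Feb/2009:10:00:01 -0500] "GET /program.php?id=1 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [09/Feb/2009:10:00:02 -0500] "GET /program.php?id=1%20and%201%3D1 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [09/Feb/2009:10:00:03 -0500] "GET /program.php?id=1%20and%201%3D2 HTTP/1.1" 200 4870',
    '10.0.0.5 - - [09/Feb/2009:10:00:04 -0500] "GET /program.php?id=1%20and%20100%3E(ASCII(Substring(user(),1,1))) HTTP/1.1" 200 5120',
    '10.0.0.9 - - [09/Feb/2009:10:00:05 -0500] "GET /program.php?id=42 HTTP/1.1" 200 5133',
    '10.0.0.9 - - [09/Feb/2009:10:00:06 -0500] "GET /search.php?q=1+and+1 HTTP/1.1" 200 3000',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)
# "and 1=1" / "and 1=2": a where-clause whose truth value the sender controls.
TAUTOLOGY_RE = re.compile(r'\b(?:and|or)\s+(\d+)\s*=\s*(\d+)\b', re.I)
# ASCII(SUBSTRING(...)) behind a comparison: one bit of a booleanized character,
# matching both the plain MySQL form and the MSSQL "(Select top 1 ASCII(...".
BOOLEANIZE_RE = re.compile(r'[<>=]\s*\(?.*?\bascii\s*\(\s*substr(?:ing)?\s*\(', re.I | re.S)


def classify(value):
    """Return 'true', 'false', 'booleanize' or None for one decoded parameter value."""
    if BOOLEANIZE_RE.search(value):
        return "booleanize"
    m = TAUTOLOGY_RE.search(value)
    if m:
        return "true" if m.group(1) == m.group(2) else "false"
    return None


def parse_line(line):
    """Split one log line into client, path, decoded parameters and response size."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    rec["params"] = dict(parse_qsl(parts.query, keep_blank_values=True))  # percent-decoded
    rec["size"] = int(rec["size"])
    return rec


def detect_blind_probes(lines):
    """Group probes per (client, path, parameter) and flag the true/false pattern."""
    probes = defaultdict(lambda: {"true": [], "false": [], "booleanize": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"].items():
            kind = classify(value)
            if kind:
                probes[(rec["ip"], rec["path"], name)][kind].append(rec["size"])
    findings = []
    for (ip, path, name), seen in probes.items():
        pair = bool(seen["true"]) and bool(seen["false"])
        # Distinct sizes for the true and false answers mean the application
        # leaks one bit per request, which is what makes the probe useful.
        differs = pair and set(seen["true"]).isdisjoint(seen["false"])
        findings.append({
            "client": ip, "path": path, "param": name,
            "true_false_pair": pair, "answers_differ": differs,
            "booleanize_probes": len(seen["booleanize"]),
        })
    return findings


if __name__ == "__main__":
    for f in detect_blind_probes(LOG_LINES):
        print(f)
```

Response size is the only page-difference signal an access log carries; the hash, HTML-structure and keyword comparisons of slide 17 need the response bodies, and the response-time variant needs per-request latency, so a complete detector would take those from a reverse proxy or application log rather than from this format. A finding with both halves of the pair and differing answers is worth treating as confirmation that the parameter is exploitable, not just that it was probed.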
ShmooCON 2009: Re-playing with (Blind) SQL Injection (Chema Alonso)
Talk delivered by Chema Alonso and Jose Palazon "Palako" at ShmooCON 2009 in Washington about SQL Injection, Blind SQL Injection, Time-Based Blind SQL Injection, RFD (Remote File Downloading) and Serialized SQL Injection. http://www.slideshare.net/chemai64/timebased-blind-sql-injection-using-heavy-queries-34887073
1. (Re) Playing with (Blind) SQL Injection José Palazón “Palako” Mobile Security at Yahoo! Chema Alonso Informatica64 Microsoft MVP Enterprise Security