In this presentation I covered almost all the basic details about SQL Injection, so you can get a solid understanding of SQL Injection (SQLI).
This presentation contains animation, so try it out on a PC.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
5. Actual use case
// user input is concatenated straight into the SQL string: no validation, no quoting
$sql = "SELECT * FROM ARTICLES WHERE id = " . $_GET["id"];
// executed query - SELECT * FROM ARTICLES WHERE ID = 1234
$result = mysql_query($sql);
6. SQL injected input
// same code; the attacker controls everything after "id = "
$sql = "SELECT * FROM ARTICLES WHERE id = " . $_GET["id"];
// executed query - SELECT * FROM ARTICLES WHERE ID = 1234; DROP TABLE ARTICLES
$result = mysql_query($sql);
9. There are queries for that too…
http://www.site.com/articles.php?id=1234 UNION SELECT group_concat(schema_name),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.schemata --
10. There are queries for that too…
http://www.site.com/articles.php?id=1234 UNION SELECT group_concat(table_name),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.tables where table_schema=database()--
12. SQL Attack steps
• Searching for a vulnerable point
• Fingerprinting the backend DB
• Enumerating or retrieving data of interest – table dumps, usernames/passwords etc.
• Eventually exploiting the system once the information is handy
  – OS take over, data change, web server take over etc.
13. It is a very serious problem
• The attacker can delete, modify or, even worse, steal your data
• Compromises the safety, security & trust of user data
• Compromises a company’s competitiveness or even the ability to stay in business
14. How to mitigate the risk
• Escape all user supplied input
• Always validate input
• Use prepared statements
  – For PHP+MySQL – use PDO with strongly typed parameterized queries (using bindParam())
• Code reviews
• Don’t store passwords in plain text in the DB
  – Salt them and hash them
15. Escape & Validate input
• Escape all input
  – Whether supplied via the URL or via POST data
  – Even for internal APIs
  – Anything that goes to the DB is escaped
• Validate all input - Validating a Free Form Text Field for allowed chars (numbers, letters, whitespace, .-_)
  – ^[a-zA-Z0-9\s._-]+$ (Any number of characters)
  – ^[a-zA-Z0-9\s._-]{1,100}$ (This is better, since it limits this field to 1 to 100 characters)
• source https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
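The slide-5 articles query rewritten the way slides 14 and 15 recommend, as an added example that is not part of the original deck: a strongly typed PDO prepared statement with bindParam(), preceded by whitelist validation (integer id, and the slide-15 regex for free text). The DSN, the credentials, the ARTICLES columns and the PHP 8 runtime are assumptions.

```php
<?php
// Added example, not the deck's own code. Assumes PHP 8 with the pdo_mysql driver,
// a table ARTICLES(id, title, ...) and a low-privilege account "app_reader" (slide 16).
declare(strict_types=1);

function connect(): PDO {
    return new PDO('mysql:host=localhost;dbname=app', 'app_reader', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, no client-side quoting
    ]);
}

// Slide 15 whitelist: letters, digits, whitespace and .-_ only, 1 to 100 characters.
function validateFreeText(string $input): bool {
    return preg_match('/^[a-zA-Z0-9\s._-]{1,100}$/', $input) === 1;
}

function findArticle(PDO $pdo, string $rawId): ?array {
    // Validate first: the id must be a positive integer; "1234; DROP TABLE ARTICLES" is rejected here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The SQL text is fixed at prepare time; the value travels separately as an INT,
    // so no user-controlled text can ever become part of the statement.
    $stmt = $pdo->prepare('SELECT * FROM ARTICLES WHERE id = :id');
    $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function searchArticles(PDO $pdo, string $term): array {
    if (!validateFreeText($term)) {
        return [];
    }
    // Escape LIKE metacharacters too: binding stops injection, but % and _ would still widen the match.
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $pdo->prepare('SELECT id, title FROM ARTICLES WHERE title LIKE :pattern');
    $stmt->bindParam(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage, e.g. from articles.php:
//   $article = findArticle(connect(), $_GET['id'] ?? '');   // null for the slide-6 input
//   $results = searchArticles(connect(), $_GET['q'] ?? '');
```

Validation rejects the bad input early and gives a clean error path; the prepared statement is what actually removes the injection, so keep both even when one seems sufficient.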
16. Least privilege
• To minimize the potential damage of a successful SQL injection attack, you should minimize the privileges assigned to every database account in your environment.
• Do not assign DBA or admin type access rights to your application accounts.
• Don't run your DBMS as root or system!
17. URL rules
• No parentheses or angle brackets in the URLs
  – While saving or generating, remove them from the URLs
  – If you really need to have parentheses or angle brackets in the URL, then encode them
• URL should not end with two or more dashes “--”
  – While saving or generating, remove these from the URLs
• URL should not end with “/*”
  – While saving or generating, remove these from the URLs
• No schema, table or column names should be part of your URL
• These rules should be followed even for AJAX/JSON URLs
18. Quick fixes
• For companies that have a large setup or a lot of legacy code that will take a long time to audit and fix, put some SQL injection detection patterns in your Load Balancer itself
• Enable mod_security on Apache
• Run the RIPS scanner on your PHP code for detecting vulnerabilities - http://sourceforge.net/projects/rips-scanner/
19. Common (My)SQL injection URL patterns
• ending with “--”
• ending with “/*”
• containing UNION, (ALL), SELECT and FROM
• BENCHMARK
• Containing “information_schema”
• Containing “load_file”
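A request-URL screen for the slide-19 patterns, as an added example that is not part of the original deck: the kind of coarse rule slide 18 suggests running in a load balancer or mod_security while legacy code is being fixed. The sample URLs are constructed for the example (the second one mirrors the deck's slide-10 query); PHP 8 is assumed.

```php
<?php
// Added example, not the deck's own code. Assumes PHP 8 (str_contains).
declare(strict_types=1);

/** Names of the slide-19 patterns found in the URL's query string; empty array when clean. */
function sqliUrlIndicators(string $url): array {
    $query = (string)(parse_url($url, PHP_URL_QUERY) ?: '');
    // Decode once and lowercase so %20-encoded keywords are inspected as the DB would see them.
    $decoded = strtolower(rawurldecode($query));
    $normalized = preg_replace('/\s+/', ' ', $decoded) ?? $decoded;
    $hits = [];
    if (preg_match('/(--|\/\*)\s*$/', $normalized)) {
        $hits[] = 'comment-terminator';          // ends with -- or /*
    }
    // Whole-word matching, so "reunion selection" in ordinary search text does not trip it.
    if (preg_match('/\bunion\b(\s+all)?\s+select\b/', $normalized) && preg_match('/\bfrom\b/', $normalized)) {
        $hits[] = 'union-select';
    }
    if (preg_match('/\bbenchmark\s*\(/', $normalized)) {
        $hits[] = 'benchmark';
    }
    if (str_contains($normalized, 'information_schema')) {
        $hits[] = 'information_schema';
    }
    if (preg_match('/\bload_file\s*\(/', $normalized)) {
        $hits[] = 'load_file';
    }
    return $hits;
}

// Constructed sample requests: one normal, one matching the slide-10 enumeration query, one benign look-alike.
$samples = [
    'http://www.site.com/articles.php?id=1234',
    'http://www.site.com/articles.php?id=1234%20UNION%20SELECT%20group_concat(table_name),2%20from%20information_schema.tables--',
    'http://www.site.com/search.php?q=reunion%20selection',
];
foreach ($samples as $url) {
    $hits = sqliUrlIndicators($url);
    printf("%s => %s\n", $url, $hits ? implode(',', $hits) : 'clean');
}
// Expected: clean / comment-terminator,union-select,information_schema / clean
```

Keyword screens like this are a stopgap for detection and logging, not a fix: they miss encodings and phrasings they were not written for, so the prepared statements from slide 14 remain the real control.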
20. Further reading
• SQL attacks by example - http://www.unixwiz.net/techtips/sql-injection.html
• OWASP - https://www.owasp.org/index.php/SQL_Injection