Web Applications and SQL Injection Attacks


SQLIAs are not unique to web applications, but the open nature of the web gives attackers both access and sufficient time.

Validate all input strings from both users and database query results!

                © 2006, 2012 Rietta Inc. All Rights Reserved.   by Frank S. Rietta
Presentation Overview

 1.   Universal Firewall Bypass Protocol (UFBP)
 2.   Web Apps and Databases
 3.   Access Control
 4.   SQL Injection Attacks
 5.   Demo
 6.   ARM Yourself Against SQL Injection




UFBP  WA&DB  Access Control  SQLIA  Demo  ARM
One Possible Network




Graphic source: Microsoft TechNet (Hacking: Fight Back)


Web Apps: Attacker Friendly™




[Diagram: Users -> WWW -> DBMS, with Eve (the attacker) reaching the DBMS through the web application.]
CIA Violations

 SQLIAs destroy Confidentiality, Integrity, and
   Accessibility:

 • Information Disclosure

 • Unauthorized Tampering with Data

 • Arbitrary Code Execution



Ineffective DBMS Access Control

 • Too many “god” users!

 • RBAC is often not used

 • Developers leave security entirely up to the
   application, rendering the DBMS
   powerless to mitigate SQL injection risks.



SQL Templates and String Manipulation

 • SQL statements are formed by filling user
   and application supplied data into a
   preexisting query template.

 • A SQLIA is the result of clever user-supplied
   input changing the meaning of the query.

 • Parameterization attacks are the most
   common avenue for exploitation.


1st Order Parameter Replacement

 Template:

 SELECT * FROM Directory WHERE
  Last_Name LIKE '${NAME}';



 Resulting statement after the parameter is filled with attacker input:

 SELECT * FROM Directory
   WHERE Last_Name LIKE 'frank' OR 1=1
   UNION SELECT user, password
     FROM mysql.user WHERE 'q'='q' OR ''

 Fetches a full listing of the MySQL user table,
 including passwords!


2nd Order Parameter Replacement

 Template (the same parameter is substituted twice):

 SELECT * FROM Listing
   WHERE Last_Name='${NAME}' OR
   Last_Name='${NAME}'

 Resulting statement:

 SELECT * FROM Listing
   WHERE Last_Name = 'Bob'
   OR 1=1 OR Last_Name = 'Bob' OR 1=1

 Tautologies such as OR 1=1 are typical in SQL
 injection attacks: the injected clause always
 evaluates to true, so the WHERE filter matches every row.

Unquoted Numerical Parameter

 UPDATE Financial_Records
  SET Salary = ${NEW_SALARY}
  WHERE Name = '${NAME}'



 Without quotes around ${NEW_SALARY} in the template,
 any input other than a number becomes part of the SQL
 statement itself rather than a literal value, so the
 DBMS parses and executes it: a direct injection.
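The following is an added example, not code from the slide deck: it builds the Directory and Financial_Records tables from the slides in an in-memory SQLite database (sample rows are constructed) and runs the 1st-order template and the unquoted numerical parameter both as string templates and with bound parameters, so the difference the slides describe can be observed directly.

```python
"""Template interpolation vs. bound parameters, on an in-memory SQLite DB.
Added example, not the slide deck's own code; table and column names
follow the slides, the sample rows are constructed."""
import sqlite3

# Constructed sample data for the Directory and Financial_Records tables.
DIRECTORY_ROWS = [("frank", "Rietta"), ("alice", "Smith"), ("bob", "Jones")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Directory (First_Name TEXT, Last_Name TEXT)")
    conn.executemany("INSERT INTO Directory VALUES (?, ?)", DIRECTORY_ROWS)
    conn.execute("CREATE TABLE Financial_Records (Name TEXT, Salary INTEGER)")
    conn.execute("INSERT INTO Financial_Records VALUES ('frank', 1000)")
    return conn


def lookup_template(conn: sqlite3.Connection, name: str) -> list:
    """The slide's 1st-order template: the user string is pasted into the
    SQL text, so the DBMS parses whatever the user typed as SQL."""
    sql = f"SELECT * FROM Directory WHERE Last_Name LIKE '{name}'"
    return conn.execute(sql).fetchall()


def lookup_bound(conn: sqlite3.Connection, name: str) -> list:
    """Same query with a bound parameter: the statement is compiled before
    the value arrives, so the value can only ever be a string literal."""
    sql = "SELECT * FROM Directory WHERE Last_Name LIKE ?"
    return conn.execute(sql, (name,)).fetchall()


def stored_salary(conn: sqlite3.Connection, name: str) -> int:
    row = conn.execute("SELECT Salary FROM Financial_Records WHERE Name = ?",
                       (name,)).fetchone()
    return row[0]


def update_salary_template(conn: sqlite3.Connection, name: str,
                           new_salary: str) -> int:
    """The slide's unquoted numerical parameter: with no quotes around
    ${NEW_SALARY}, a non-numeric string becomes part of the statement."""
    sql = (f"UPDATE Financial_Records SET Salary = {new_salary} "
           f"WHERE Name = '{name}'")
    conn.execute(sql)
    return stored_salary(conn, name)


def update_salary_bound(conn: sqlite3.Connection, name: str,
                        new_salary: str) -> int:
    """Hardened form: the value must parse as an int before it is bound, so
    anything that is not a number is rejected at the application boundary."""
    salary = int(new_salary)          # raises ValueError for "9999 OR 1=1"
    conn.execute("UPDATE Financial_Records SET Salary = ? WHERE Name = ?",
                 (salary, name))
    return stored_salary(conn, name)


def run_demo() -> dict:
    """Exercise both forms with the tautology input from the slides."""
    tautology = "frank' OR 1=1 OR 'q'='q"      # constructed, mirrors slide 8
    results = {
        "template_rows": len(lookup_template(make_db(), tautology)),  # all rows
        "bound_rows": len(lookup_bound(make_db(), tautology)),        # no rows
        # "9999 OR 1=1" is evaluated by SQLite as a boolean expression (1),
        # i.e. the DBMS executed the input instead of storing the number.
        "template_salary": update_salary_template(make_db(), "frank",
                                                  "9999 OR 1=1"),
    }
    try:
        update_salary_bound(make_db(), "frank", "9999 OR 1=1")
        results["bound_salary"] = "accepted"
    except ValueError:
        results["bound_salary"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_demo())
```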


Review of Parameterization Attacks

 • A template has one or more parameters
   placed to make the SQL query for
   submission to the DBMS

 • Dangling parameters are often exploited

 • Unquoted numerical parameters are the
   easiest to exploit

 • Trampoline attacks
Live Exploit Demonstration




ARM Yourself Against SQL Injection

 When writing applications, be
 sure to validate ALL input
 strings.

 There are three, and only
 three, options when given a
 piece of data:


 • Accept it
 • Reject it
 • Manipulate it
                                 Image source www.historiccamdencounty.com
Improving Coding Practices for SQL

 • Certain dangerous language features, such as
   unquoted numbers, should be avoided.

 • Coding policies, that is “best practices,”
   should be developed in such a way as to be
   automatically enforced.

 • Validate all input strings from both users
   and database query results!
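An added example (not the slide deck's code) of the three options, Accept / Reject / Manipulate, applied as a policy that is enforced automatically: every template parameter must have a declared rule, numeric parameters are bound only as ints (so an unquoted number never enters the SQL text), and values read back from the database go through the same check before they are reused in another query. The POLICY and TEMPLATES tables, the Rule class and the sample rows are assumptions constructed for the example.

```python
"""Accept / Reject / Manipulate as an automatically enforced policy.
Added example, not the slide deck's code; rules and sample data are constructed."""
import re
import sqlite3
from dataclasses import dataclass
from typing import Any, Callable, Optional


class Rejected(ValueError):
    """Raised when a value fails policy (the 'reject it' option)."""


@dataclass(frozen=True)
class Rule:
    kind: type                                          # int or str
    pattern: Optional[str] = None                       # str: whole value must match
    normalize: Optional[Callable[[str], str]] = None    # the 'manipulate it' step


# Assumed policy table: every parameter that may appear in a template is
# declared here, so a dangling or undeclared parameter can never be filled.
POLICY = {
    "NAME": Rule(str, r"[A-Za-z][A-Za-z' -]{0,63}", lambda s: " ".join(s.split())),
    "NEW_SALARY": Rule(int),
}

# Templates use bound placeholders only; no value is ever pasted into the text.
TEMPLATES = {
    "find": ("SELECT Last_Name FROM Listing WHERE Last_Name = :NAME", ("NAME",)),
    "set_salary": (
        "UPDATE Financial_Records SET Salary = :NEW_SALARY WHERE Name = :NAME",
        ("NEW_SALARY", "NAME"),
    ),
}


def check(param: str, value: Any) -> Any:
    """Accept, manipulate, or reject one value according to POLICY."""
    rule = POLICY.get(param)
    if rule is None:
        raise Rejected(f"no policy declared for parameter {param!r}")
    if rule.kind is int:
        # bool is a subclass of int in Python; do not let True/False through.
        if isinstance(value, bool) or not isinstance(value, int):
            raise Rejected(f"{param} must be an int, got {value!r}")
        return value                                        # accept
    if not isinstance(value, str):
        raise Rejected(f"{param} must be a str, got {value!r}")
    if rule.normalize is not None:
        value = rule.normalize(value)                       # manipulate
    if rule.pattern is not None and not re.fullmatch(rule.pattern, value):
        raise Rejected(f"{param} failed pattern check: {value!r}")
    return value                                            # accept


def run(conn: sqlite3.Connection, template: str, **params: Any) -> list:
    """Fill a template only through checked, bound parameters."""
    sql, names = TEMPLATES[template]
    bound = {n: check(n, params[n]) for n in names}
    return conn.execute(sql, bound).fetchall()


def make_db() -> sqlite3.Connection:
    """Constructed sample data; the last Listing row simulates a value that
    reached the database through some other, unvalidated path."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Listing (Last_Name TEXT)")
    conn.executemany("INSERT INTO Listing VALUES (?)",
                     [("Bob",), ("O'Brien",), ("Eve' OR 1=1",)])
    conn.execute("CREATE TABLE Financial_Records (Name TEXT, Salary INTEGER)")
    conn.execute("INSERT INTO Financial_Records VALUES ('Bob', 100)")
    return conn


def reusable_names(conn: sqlite3.Connection) -> tuple:
    """Query results get the same policy as user input before they feed
    another query. Returns (accepted, rejected) name lists."""
    accepted, rejected = [], []
    for (name,) in conn.execute("SELECT Last_Name FROM Listing"):
        try:
            accepted.append(check("NAME", name))
        except Rejected:
            rejected.append(name)
    return accepted, rejected


def decision(param: str, value: Any) -> str:
    """Report which of the three options the policy took for a value."""
    try:
        out = check(param, value)
    except Rejected:
        return "reject"
    return "accept" if out == value else "manipulate"
```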
Questions?
