This document summarizes a presentation on SQL injection vulnerabilities. It discusses the business risks of SQL injection, including theft of sensitive data, data corruption, and unauthorized access. It provides examples of basic SQL injection attack strings and blind SQL injection. It also covers mitigation techniques like parameterized queries and input validation. The document concludes with additional SQL injection resources and information on upcoming security events.
8. Agenda
• Business risk of SQL Injection
• Understanding the vulnerability
• Attack scenarios
• Mitigation techniques
9. Fundamental Problem
• User controlled data improperly used with SQL statements
• Example Vulnerable Query:
sqlQ = "Select user from UserTable where name='" + username + "' and pass='" + password + "'"
[Login form: a user whose username is o'malley enters it in the Login field, with a password in the Pass field]
10. Fundamental Problem
• User controlled data improperly used with SQL statements
• o’malley scenario
Select user from UserTable where name= 'o'malley' and pass = 'foo'
• Result: Error, syntax is not valid ("Error: Invalid syntax")
11. Agenda
• Business risk of SQL Injection
• Understanding the vulnerability
• Attack scenarios
• Mitigation techniques
12. SQL Attack Examples
• Basic SQL Injection Tests:
OR 1=1 --
' OR '1'= '1'--
• Select user from UserTable where name= 'joe' and pass = ' ' OR '1'= '1'-- '
• Looks for username of joe and password of (blank || TRUE)
13. Variations
• SQL Injection
  • Error message or different text returned based on SQL statement results
  • Example: Error message, db data displayed in page
• Blind SQL Injection
  • No visible response to user indicating success or failure of the query
14. Blind SQL Injection
• Use time of results to deduce boolean
• Injected SQL uses IF statements and delays to enumerate data, 1 char at a time
15. Blind SQL Examples
mysql> select * from example;
+----+-----------------+------+
| id | name            | age  |
+----+-----------------+------+
|  1 | Timmy Mellowman |   23 |
|  2 | Sandy Smith     |   21 |
+----+-----------------+------+
2 rows in set (0.00 sec)
16. Blind SQL Examples
• mysql> SELECT IF(name = 'Sandy Smith', BENCHMARK(1000000, MD5('x')), NULL) FROM example;
• Command line result - 2 rows in set (5.25 sec)
• mysql> SELECT IF(name = 'Joe Bob', BENCHMARK(1000000, MD5('x')), NULL) FROM example;
• Command line result - 2 rows in set (0.00 sec)
• The actual data returned is not important; the delay indicates True or False
+----+-----------------+------+
|  1 | Timmy Mellowman |   23 |
|  2 | Sandy Smith     |   21 |
+----+-----------------+------+
17. Blind SQL Injection
• mysql> select headerName from header_store UNION select IF(SUBSTRING(name, 1, 1)='T', BENCHMARK(1000000, MD5('x')), 'y') from example where age=23 limit 1;
• 1 row in set (6.01 sec)
• Tests whether the first character of "name" from the example table (where age=23) is the letter T.
+----+-----------------+------+
|  1 | Timmy Mellowman |   23 |
+----+-----------------+------+
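The slides above show what time-based blind injection looks like from the database side: the same statement shape repeated with one changing character, and the elapsed time swinging between near-zero and several seconds depending on whether the BENCHMARK branch fires. That pattern is also the defender's handle on it. The script below is an added example written for this page, not code from the original deck; it runs over a constructed, simplified list of (duration, statement) records that reuse the deck's probe shape, flags statements that carry a timing function or an IF(SUBSTRING(...)) probe, and groups statements that differ only in their literals so a char-by-char enumeration with bimodal timings stands out. The record format, thresholds and function names are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample records (duration in seconds, statement text), not output
# from the original deck. They mimic what a query log would carry and reuse the
# deck's UNION/IF/SUBSTRING/BENCHMARK probe so the detector has realistic input.
SAMPLE_LOG = [
    (0.00, "select headerName from header_store"),
    (0.00, "select * from example where age=23"),
    (6.01, "select headerName from header_store UNION select "
           "IF(SUBSTRING(name,1,1)='T',BENCHMARK(1000000,MD5('x')),'y') "
           "from example where age=23 limit 1"),
    (0.00, "select headerName from header_store UNION select "
           "IF(SUBSTRING(name,2,1)='a',BENCHMARK(1000000,MD5('x')),'y') "
           "from example where age=23 limit 1"),
    (5.98, "select headerName from header_store UNION select "
           "IF(SUBSTRING(name,2,1)='i',BENCHMARK(1000000,MD5('x')),'y') "
           "from example where age=23 limit 1"),
    (0.00, "select headerName from header_store UNION select "
           "IF(SUBSTRING(name,3,1)='a',BENCHMARK(1000000,MD5('x')),'y') "
           "from example where age=23 limit 1"),
    (0.00, "select user from UserTable where name='joe' and pass='secret'"),
]

# Functions that exist only to burn time inside a query (MySQL spelling).
TIMING_FUNCS = re.compile(r"\b(BENCHMARK|SLEEP)\s*\(", re.IGNORECASE)
# A conditional wrapped around a single-character extraction.
CHAR_PROBE = re.compile(r"\bIF\s*\(\s*SUBSTRING\s*\(", re.IGNORECASE)


def normalize(sql):
    """Collapse string and numeric literals to '?' so probes that differ only in
    the tested position or character fall into the same bucket."""
    sql = re.sub(r"'[^']*'", "?", sql)
    sql = re.sub(r"\b\d+\b", "?", sql)
    return re.sub(r"\s+", " ", sql).strip().lower()


def flag_statement(duration, sql, slow_threshold=2.0):
    """Return the list of reasons a single statement looks like a timing probe
    (empty list when it looks benign)."""
    reasons = []
    if TIMING_FUNCS.search(sql):
        reasons.append("timing function")
    if CHAR_PROBE.search(sql):
        reasons.append("char-by-char probe")
    if reasons and duration >= slow_threshold:
        reasons.append("slow (%.2fs)" % duration)
    return reasons


def analyze(log, min_repeats=3):
    """Per-statement findings plus statement shapes that repeat with a mix of
    fast and slow runs, the signature of one-character-at-a-time enumeration."""
    findings = []
    groups = defaultdict(list)
    for duration, sql in log:
        reasons = flag_statement(duration, sql)
        if reasons:
            findings.append((sql, reasons))
        groups[normalize(sql)].append(duration)
    repeated = {}
    for shape, durations in groups.items():
        if len(durations) >= min_repeats and min(durations) < 1.0 < max(durations):
            repeated[shape] = len(durations)
    return findings, repeated


if __name__ == "__main__":
    found, shapes = analyze(SAMPLE_LOG)
    for sql, reasons in found:
        print(", ".join(reasons), "::", sql[:70])
    for shape, count in shapes.items():
        print("%d runs with bimodal timing ::" % count, shape[:70])
```

The per-statement regexes catch the obvious cases; the shape grouping is what catches a probe that avoids the well-known function names, because the enumeration still has to repeat one statement with changing literals and the timing still has to split into two clusters. Feed it the statement text and duration from whatever query or slow-query log your database produces.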
18. WebGoat
• Click First Link - OWASP WebGoat version 5.3.x
• Username / Password is guest / guest
20. Using A Proxy
• Burp - Configure to listen on 8080
• Ensure “loopback only” is checked (will be by default)
21. Set Firefox Proxy
• Set Firefox proxy to 8080
• Preferences -> Advanced -> Network -> Settings
• Set HTTP Proxy
• Important - clear the "No Proxy for" line
22. Confirm Setup Works
• Refresh Web Browser - it should hang
• Go to Burp -> Proxy -> Intercept (they are highlighted)
• Click “Forward” for all messages
• Should now see page in browser
23. Confirm Setup Works
• Intercept is on
• Each request will be caught by proxy
• Requires you to hit forward each time
• Intercept is off
• Requests sent through proxy automatically
• Logged in tab “proxy”->”history”
24. "Hello World" of Proxies
• Lesson: General->Http Basic
• Objective:
  • Enter your name into text box
  • Intercept with proxy & change entered name to different value
  • Receive response & observe modified value is reversed
[Diagram: the browser sends "Joe" to the attacker's web proxy, which forwards "Sue" to the web server; the server reverses it and "euS" travels back through the proxy to the browser]
25. SQL Injection
• Problem: User controlled data improperly used with SQL statements
• Impact: Arbitrary SQL Execution, Data Corruption, Data Theft
• Basic SQL Injection Tests:
OR 1=1 --
' OR '1'= '1'--
• Example Vulnerable Query:
sqlQ = "Select user from UserTable where name='" + username + "' and pass='" + password + "'"
27. SQL Injection
• Lesson: Injection Flaws -> Lab: SQL Injection -> Stage 1: String SQL Injection
• Proxy Needed
• Objective: Bypass the login page by inserting "control" characters. Login as "Neville" w/o knowledge of the password
28. SQL Injection
• HTTP Post
employee_id=112&password=x' OR '1'='1&action=Login
• Vulnerable SQL
Select user from UserTable where name='" + username + "' and pass='" + password + "'
Select user from UserTable where name='112' and pass='x' OR '1'='1'
• Result: ... name='112' and pass='x' OR TRUE
29. Agenda
• Business risk of SQL Injection
• Understanding the vulnerability
• Attack scenarios
• Mitigation techniques
30. SQL Injection
• Parameterized Queries
No confusion with control characters
• Input Validation
Are special characters needed for most fields?
What about non-printable characters %00-%0A?
Just a layer of defense - remember o’malley example
31. Parameterized Query
• HTTP Post
employee_id=112&password=x' OR '1'='1&action=Login
• Parameterized Query
Look for employee_id 112 with password of x' OR '1'='1
• Result: Login fail - password is foo not x' OR '1'='1
32. Language Examples
• User data + string concatenation == SQL injection disaster
• DJANGO
• Model Query API-> Safe
• raw() manager -> Dangerous, Avoid!
• Java
String query = "SELECT account_balance FROM user_data WHERE user_name = ?";
PreparedStatement pstmt = connection.prepareStatement(query);
pstmt.setString(1, custname);
ResultSet results = pstmt.executeQuery();
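The deck's thread runs from the concatenated query on the Fundamental Problem slides, through the o'malley syntax error and the ' OR '1'='1 bypass used in the WebGoat stage-1 post, to parameterized queries and input validation as the fix. The script below is an added example written for this page, not code from the original deck or from WebGoat; it puts all of those steps side by side against an in-memory SQLite table with constructed rows (one standing in for Neville with employee_id 112 and password foo, one ordinary user). The vulnerable function reproduces the slide's concatenation; the safe function uses a parameterized query; the validation helpers illustrate the "just a layer of defense" point with hypothetical rules (numeric employee_id, no control characters, which covers the %00-%0A range the slide mentions). Function and column names are assumptions for the example.

```python
import re
import sqlite3

# Constructed sample data (not from the original deck): one row stands in for
# WebGoat's "Neville" (employee_id 112, password foo) and one ordinary user.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserTable (user TEXT, name TEXT, pass TEXT)")
    conn.executemany(
        "INSERT INTO UserTable VALUES (?, ?, ?)",
        [("Neville", "112", "foo"), ("Joe", "joe", "secret")],
    )
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """The deck's vulnerable pattern: user data concatenated into the statement.

    Returns the matched user name, None when no row matches, or "error" when
    a quote in the input breaks the statement (the o'malley case)."""
    sql = ("Select user from UserTable where name='" + username
           + "' and pass='" + password + "'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.OperationalError:
        return "error"
    return row[0] if row else None


def safe_login(conn, username, password):
    """Parameterized query: the driver passes the values separately from the
    SQL text, so quotes in the input are data, never control characters."""
    sql = "SELECT user FROM UserTable WHERE name = ? AND pass = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Input validation as an extra layer (hypothetical rules, not from the deck):
# employee_id must be numeric, and no field may carry C0 control characters,
# a range that includes the %00-%0A bytes the slide asks about.
EMPLOYEE_ID_RE = re.compile(r"^[0-9]{1,10}$")


def valid_employee_id(value):
    return bool(EMPLOYEE_ID_RE.match(value))


def has_control_chars(value):
    return any(ord(c) < 0x20 for c in value)


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("joe", "secret"),            # legitimate login
        ("o'malley", "foo"),          # quote in a real name breaks concatenation
        ("112", "x' OR '1'='1"),      # the WebGoat stage-1 post
        ("joe", "' OR '1'='1'--"),    # basic injection test from the slides
    ]
    for user, pw in attempts:
        print(repr(user), repr(pw),
              "concat:", vulnerable_login(db, user, pw),
              "| parameterized:", safe_login(db, user, pw))
```

Run it and the two columns tell the story: concatenation turns o'malley into a syntax error and turns the stage-1 post into a login as Neville, while the parameterized query simply reports no match for either, because the literal string x' OR '1'='1 is compared against the stored password foo, exactly as the Parameterized Query slide says.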
34. Questions
• Next Events
• Aug 24 - CEF Logging for Attack Aware Applications
• Aug 25 - OWASP Bay Area Chapter Meeting
• https://wiki.mozilla.org/index.php?title=WebAppSec#Schedule