SQL injection is a code injection technique used to attack data-driven applications that use SQL queries to access a backend database. An attacker can insert malicious SQL statements into the login form of a web application to gain unauthorized access to the database. The document discusses what SQL injection is, types of SQL injection like in-band and out-of-band, and provides examples. It also notes that SQL injection is a serious problem that can allow attackers to delete, modify or steal data. Suggested solutions include input validation, prepared statements, and minimizing database privileges.
SQL injection is a code injection technique where malicious SQL statements are inserted into an entry field for execution (usually to gain access to a database). It works by exploiting applications that concatenate SQL statements and user input without validation or encoding. The document discusses types of SQL injection like error-based, union-based, and blind SQL injection. It also provides examples of SQL injection and recommendations to avoid it like using prepared statements with bound variables and checking/sanitizing all user input.
This presentation was given at the November 2012 chapter meeting of the Memphis ISSA. In the presentation, I discuss various methods of exploiting common SQL Injection vulnerabilities, as well as present a specialized technique known as Time-Based Blind SQL Injection. Related to the latter, I give a scenario in which other common forms of SQL Injection would fail to produce results for a penetration tester or attacker, and show how one may overcome this situation by using the specialized technique. The scenario given, along with the sample code, is NOT a contrived example, but instead is closely based on a real-world application that I encountered as part of an assessment.
A live demonstration of the common forms of SQL Injection was also given which utilized the OWASP Broken Web Apps VM, DVWA, Burp Proxy and SQL Power Injector. To demo a real-world time-based blind injection, I created and locally hosted a new application which closely mimicked the real-world application mentioned above.
This document discusses SQL injection, which is a security vulnerability that allows attackers to interfere with how a database operates. SQL injection occurs when user input is not sanitized and is used directly in SQL queries, allowing attackers to alter the structure and meaning of queries. The document provides an example of how an attacker could log in without a password by adding SQL code to the username field. It also lists some common SQL injection techniques like using comments, concatenation, and wildcards. Finally, it points to additional online resources for learning more about SQL injection and database security.
The document discusses SQL injection attacks, including what SQL injection is, types of SQL injection attacks such as first and second order attacks, mechanisms for injection through user input or cookies, and techniques for preventing SQL injection like defensive coding practices and input validation. SQL injection is a code injection technique where malicious SQL statements are inserted into an entry field for execution by the backend database, allowing attackers to view or manipulate restricted data in the database. The document provides examples of SQL injection and explores ways attackers can infer information and encode attacks despite prevention methods.
The document discusses SQL injection and GreenSQL. SQL injection is a code injection technique that allows attackers to gain unauthorized access to databases. GreenSQL is a database firewall that works as a proxy for SQL commands, calculates query risks, and supports different protection modes like IDS, IPS, and learning modes. It fingerprints databases and detects risky queries like stack-based and tautological queries. GreenSQL provides a dashboard to monitor queries and configure whitelist rules and alerts.
This document discusses SQL injection and the sqlmap tool for automating the process of detecting and exploiting SQL injection flaws. Some key points:
- SQL is a programming language used to manage data in relational database management systems. SQL injection occurs when malicious SQL code is inserted into an entry field for execution, potentially enabling control of the entire database.
- Sqlmap automates the process of detecting and exploiting SQL injection vulnerabilities. It has capabilities like database fingerprinting, data extraction, accessing the underlying file system, and executing commands on the operating system via SQL injections.
- The tool can detect injectable parameters, generate automatic payloads to retrieve data, fingerprint the database management system, and provide an interactive SQL shell
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. This is a method to attack web applications that have a data repository. The attacker would send a specially crafted SQL statement that is designed to cause some malicious action. SQL injection is an attack technique that exploits a security vulnerability occurring in the database layer of an application and a service. This is most often found within web pages with dynamic content.
The document discusses SQL injection, which occurs when malicious SQL commands are injected into a backend database. It provides examples of how SQL injection can be used to bypass authentication or retrieve sensitive data from a database. The document then discusses various techniques for preventing SQL injection, including using stored procedures, parameterized queries, and object-relational mappers like Entity Framework and NHibernate which help protect against injection attacks.
SQL injection is a type of attack where malicious SQL code is injected into an application's database query, potentially exposing or modifying private data. Attackers can bypass logins, access secret data, modify website contents, or shut down databases. SQL injection occurs when user input is not sanitized before being used in SQL queries. Attackers first find vulnerable websites, then check for errors to determine the number of columns. They use "union select" statements to discover which columns are responsive to queries, allowing them to extract data like user credentials or database contents. Developers should sanitize all user inputs to prevent SQL injection attacks.
Understanding and preventing sql injection attacks - Kevin Kline
SQL Injection attacks are one of the most common hacker tricks used on the web. Learn what a SQL injection attack is and why you should be concerned about them.
This all new session is loaded with demos. You’ll get to witness first-hand several different types of SQL injection attacks, how to find them, and how to block them.
SQL injections are a type of attack on databases that use SQL code to access unauthorized data. Attackers can use SQL injections to steal login credentials, manipulate user data, or delete accounts by inserting malicious SQL code through vulnerable website login forms. While SQL injections have been a known threat for over 15 years, they remain one of the biggest risks to websites and databases today. Developers can prevent SQL injections through input validation, using prepared statements, patching vulnerabilities, and employing web application firewalls.
This document provides an introduction to SQL injection basics. It defines SQL injection as executing a SQL query or statement by injecting it into a user input field. The document outlines why SQL injection is studied, provides a sample database structure, and describes generic SQL queries and operators like UNION and ORDER BY. It also categorizes different types of SQL injection and attacks. The remainder of the document previews upcoming topics on blind SQL injection, data extraction techniques, and prevention.
The document discusses SQL injection, including its types, methodology, attack queries, and prevention. SQL injection is a code injection technique where a hacker manipulates SQL commands to access a database and sensitive information. It can result in identity spoofing, modifying data, gaining administrative privileges, denial of service attacks, and more. The document outlines the steps of a SQL injection attack and types of queries used. Prevention methods include minimizing privileges, coding standards, and firewalls.
This document provides a tutorial on SQL injection, including:
- Explaining what SQL injection is and how it works by exploiting vulnerabilities in database queries
- Steps to test for SQL injection vulnerabilities like determining the database type and getting environment information
- Methods for extracting data through SQL injection like getting database, table, and column names and record data
- Recommending the use of automated SQL injection scanning tools like WebCruiser to more efficiently test for and exploit SQL injection vulnerabilities
- Instructions for setting up sample PHP/MySQL and ASP/SQL Server testing environments to practice SQL injection techniques
This document discusses SQL injection, including what it is, different types, and how to exploit it. It begins with an introduction to SQL injection, describing error-based, time-based, and boolean-based SQLi. It then covers exploiting SQLi to compromise databases by uploading shells and using SQLmap. The remainder demonstrates SQLi techniques like union queries, extracting data, and bypassing filters. Tools, methodology, and resources for further learning are also mentioned.
This document discusses an advanced blind SQL injection attack technique using regular expressions. It begins by introducing SQL injection and traditional blind SQL injection attacks. It then describes a new method that uses regular expressions to more quickly extract metadata like database tables, columns, and data values from a database. The technique conducts a binary search-like process, progressively narrowing the search range with each query to efficiently determine database schema and extract information without errors or output. The document evaluates this technique as faster than traditional blind SQL injection attacks. It concludes by discussing precautions like input validation to prevent SQL injection vulnerabilities.
This document provides information about Venkatesan Prabu Jayakantham (Venkat), the Managing Director of KAASHIVINFOTECH, a software company in Chennai. It outlines Venkat's experience in Microsoft technologies and certifications. It also describes KAASHIVINFOTECH's inplant training programs for students in fields like engineering, electronics, and mechanical. The training focuses on developing technical skills through hands-on demos and projects.
SQL injection attacks involve inserting malicious SQL statements into user input on a web form to manipulate the database. For example, a search term like "blah' OR 'x'='x" could return the entire database table instead of just search results. Without proper input validation and output encoding, an attacker could delete database tables or obtain sensitive data. Developers can prevent SQL injection by escaping special characters, validating input syntax, limiting database permissions, and using bound parameters instead of concatenating user input into queries.
Mahika Tutorials sharing Java Spring Framework Tutorials. You can also visit our YouTube page for video sessions: https://www.youtube.com/c/mahikatutorials
The document discusses how to prevent JavaScript injection attacks in ASP.NET MVC applications. It describes a customer feedback website that is vulnerable to JavaScript injection by displaying user-submitted content without encoding. It then presents two approaches to prevent this: 1) HTML encoding user data when displayed in views, and 2) HTML encoding user data before saving to the database in controllers. Encoding replaces dangerous HTML characters to neutralize malicious JavaScript while preserving the data's meaning.
SQL injection is a code injection technique that attacks data-driven applications. It involves inserting malicious SQL statements into entry fields that are then executed by the database. There are different types of SQL injection attacks, including directly injecting code to immediately execute or injecting into persistent storage to be triggered later. Injection can occur through user input, cookies, or server variables. Prevention techniques aim to stop these types of attacks from harming databases.
This document provides an overview of ASP.NET applications, including common file types like .aspx and .ascx pages, application directories, server controls, and the Page class. It also discusses application configuration using the web.config file and global application events handled in global.asax. Each ASP.NET application runs isolated in its own application domain with separate resources.
This document provides a tutorial on exploiting MySQL injection vulnerabilities to extract information from a database. It begins by introducing SQL injection and MySQL. It then walks through testing for vulnerabilities, exploiting a sample site to get the MySQL version, user, databases, tables, and columns. The document demonstrates how to use these techniques to retrieve usernames and passwords stored in the database. The goal is to illustrate how an attacker can access sensitive information by chaining together SQL injection commands.
The document describes Punke.rs, a collaboration and project management app. It provides structured collaboration through clear decisions and actions. It has security features like encryption and hosting in Europe. The app includes features like an intelligent assistant, external freelancing marketplace, and works with customers. Financial projections show growing revenue and customers through 2021.
Why Traditional Web Security Technologies no Longer Suffice to Keep You Safe - Philippe De Ryck
The slides from an overview presentation of how the Web, and Web security, have changed in the last few years. This talk has been given at various public and private venues. Get in touch if you want to invite me to your company or tech group!
How to Launch a Web Security Service in an Hour - Cyren, Inc
Want to find out how to launch your very own web security service in less than an hour? We take a deep dive into the fastest growing security market, explore the limitations of existing solutions, and demonstrate how to take your Web security “to the cloud” today.
Web security: OWASP project, CSRF threat and solutions - Fabio Lombardi
In a society where we can all see an exponential growth in hacking attacks, this presentation raises awareness of web security vulnerabilities, what web developers can do to protect their web applications and which tools are available to ease the task.
In particular, I'm going to provide an overview on the OWASP top ten vulnerabilities, then focusing on CSRF (Cross-Site Request Forgery) attack, showing how it works, the impacts it can have, and how it is possible to prevent it.
Finally, I will briefly describe the OWASP LAPSE project, a useful Eclipse plugin for detecting vulnerabilities in Java EE applications.
The topic, covering Web Application Forensics, is challenging. There are not enough references discussing this subject, especially in the scientific communities. Often the term 'Web Application Forensics' is misunderstood and mixed with IDS/IPS defensive security approaches. Another issue is to discern the Web Application Forensics, short Webapp Forensics, from Network Forensics and Web Services Forensics, and in general to allocate it in the Digital/Computer Forensics classification.
Nowadays, Web Platforms are vastly growing, not to mention the so-called Web 2.0 hype. Furthermore, Business Web Applications blast the common security knowledge and premise rapid inventory of the current security best practices and approaches. The questions concerning the automation of the security defensive and investigation methods are becoming undeniably important.
In this paper we should try to dispute the questions concerning taxonomic approaches regarding the Webapp Forensics; discuss trends referenced to this topic and debate the matter of automation tools for Webapp forensics.
IBWAS 2010: Web Security From an Auditor's Standpoint - Luis Grangeia
In this talk I will attempt to share my experience of over 10 years conducting Web Application security assessments. I will present the current panorama of Web application security practices and talk about what we are doing well and how we can do better. Also, the Web 2.0 has sparked a “social revolution” of the Web; how can security benefit from that revolution?
Presented at https://www.owasp.org/index.php/OWASP_IBWAS10
This presentation provides an overview of web security, web security with Cisco Ironport, web security with Cisco Scansafe, and the road to hybrid security.
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur... - Cisco Security
Cognitive Threat Analytics is a technology that analyzes web requests to identify Command & Control traffic, identifying threats that are currently present in a network. It is currently available across the entire Cisco Web Security portfolio, including Cloud Web Security (CWS) and the Web Security Appliance (WSA). To learn more, watch this webinar: http://cs.co/9000BuggO
SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS).
SQL injection is a type of attack where malicious SQL statements are inserted into an entry field for execution behind the scenes. It can be used to read or modify data in the database without authorization. Attackers can exploit vulnerabilities in an application's use of dynamic SQL queries constructed from user input. Common techniques for SQL injection include altering queries to return additional records or modify database content. Developers can prevent SQL injection by sanitizing all user input, using parameterized queries, and granting only necessary privileges to database users.
SQL injection is a common web application security vulnerability that allows attackers to control an application's database by tricking the application into sending unexpected SQL commands to the database. It works by submitting malicious SQL code as input, which gets executed by the database since the application concatenates user input directly into SQL queries. The key to preventing SQL injection is using prepared statements with bound parameters instead of building SQL queries through string concatenation. This separates the SQL statement from any user-supplied input that could contain malicious code.
This document discusses SQL injection attacks and proposes a parser to prevent them. It begins with an introduction that describes the architecture of web applications and databases, and how SQL injection exploits vulnerabilities in this architecture. It then provides an overview of SQL injection attacks, explaining how malicious SQL commands can be inserted to trick applications into executing unintended queries. The document proposes a parser that determines if queries are functionally equivalent to prevent SQL injection. It was tested on a sample application and results were positive. In the next sections, the document discusses the working of SQL injections in more detail and categorizes different types of SQL injection attacks.
The document discusses SQL injection prevention through an adaptive algorithm. It first describes how SQL injections work by exploiting vulnerabilities in web applications that use client-supplied data in SQL queries. It then proposes a novel method that uses parse tree validation and code conversion techniques to detect and prevent SQL injection attacks, especially during the login phase. The method is described as being simple and effective.
SQL Injection Prevention by Adaptive AlgorithmIOSR Journals
The document proposes an adaptive algorithm to prevent SQL injection attacks. It first surveys different SQL injection methods like tautology attacks, piggybacked queries, union queries, and illegal queries. It then analyzes existing techniques like parse tree validation and code conversion. The proposed method combines these techniques by parsing user input, checking for vulnerabilities, and applying code conversion if needed. The algorithm is implemented in PHP and MySQL and results show it can sanitize input securely without performance overhead. The adaptive approach provides stronger security than existing individual techniques.
The document discusses developing secure web applications. It proposes using input validation, encryption of sensitive data, preventing SQL injection attacks, and collecting access logs. Input is validated by only allowing a whitelist of known good characters. Sensitive data like passwords are encrypted using an encryption algorithm. SQL injection is prevented by replacing malicious strings with blank spaces. Access logs record client IP addresses and page requests to trace activity and block malicious IPs. The techniques aim to make web applications and data more secure against common attacks like SQL injection, brute force, and denial of service.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
SQL injection is a common web application vulnerability that allows attackers to inject malicious SQL statements into an application's database. It can allow data leakage, modification, denial of access, and complete host takeover. SQL injection occurs when user-supplied input is not properly sanitized before being used in SQL queries. Developers can prevent SQL injection by using prepared statements with parameterized queries, stored procedures, and properly escaping all user input. Web application firewalls and additional defenses like whitelist input validation can also help mitigate SQL injection risks.
SQL injection is a web security vulnerability that allows attackers to interfere with or gain access to a database through a web application. It occurs when user input is not validated for SQL keywords and special characters that could modify the intended SQL queries. Attackers can use SQL injection to read sensitive data from the database, modify database contents, or even execute administrative operations. Proper input validation and output encoding can help prevent SQL injection attacks.
The document discusses various types of attacks against web applications, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). SQL injection occurs when untrusted user input is inserted into SQL queries without proper validation/sanitization, allowing attackers to alter queries for unauthorized data access or modification. XSS happens when a web app displays user input without sanitization, allowing scripts to be injected and run in a victim's browser in the context of the vulnerable site. CSRF tricks the victim's browser into unknowingly executing unauthorized commands by forging legitimate requests. Examples are provided for each type of attack.
The document discusses various web security topics such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and parameter tampering. It provides examples of these vulnerabilities and methods to prevent them, including input validation, output encoding, anti-forgery tokens, and limiting exposed functionality. The document is intended as an educational guide on common web security issues and best practices.
This document discusses SQL injection attacks and how to prevent them. It describes different types of SQL injection like blind SQL injection and union-based injection. It provides examples of vulnerable code and how attackers can exploit it. Finally, it recommends best practices for prevention, including using parameterized queries, stored procedures, input validation, and secure configuration.
The document discusses various web application security issues like SQL injection, input validation, cross-site scripting and provides recommendations to prevent these vulnerabilities when developing PHP applications. It emphasizes the importance of validating all user inputs, using prepared statements and output encoding to prevent code injection attacks and ensuring session security. The document also covers other attacks like cross-site request forgery and provides mitigation techniques.
The document discusses web application security and SQL injections. It defines a web application as any application served via HTTP/HTTPS from a remote server. Web applications often collect sensitive personal data, so security is important to protect privacy and limit legal liability. Hackers can exploit vulnerabilities like SQL injections to access unauthorized data. The document outlines common SQL injection techniques, like modifying queries with additional commands or UNION operators, and recommends best practices like parameterized queries and input validation to prevent SQL injections.
The document discusses SQL injection and GreenSQL. SQL injection is a code injection technique that allows attackers to gain unauthorized access to databases. GreenSQL is a database firewall that works as a proxy for SQL commands, calculates query risks, and supports different protection modes like IDS, IPS, and learning modes. It fingerprints databases and detects risky queries like stack-based and tautological queries. GreenSQL provides a dashboard to monitor queries and configure whitelist rules and alerts.
This document discusses SQL injection attacks and how to mitigate them. It begins by explaining how injection attacks work by tricking applications into executing unintended commands. It then provides examples of how SQL injection can be used to conduct unauthorized access and data modification attacks. The document discusses techniques for finding and exploiting SQL injection vulnerabilities, including through the SELECT, INSERT, UPDATE and UNION commands. It also covers ways to mitigate injection attacks, such as using prepared statements with bound parameters instead of concatenating strings.
This document discusses blind SQL injection vulnerabilities. It explains that even if error messages are disabled, applications may still be vulnerable to blind SQL injection attacks where the attacker can make true/false queries to extract information from the database. It provides an example of how an attacker could extract the name of a database table one character at a time using such queries. The document recommends moving all SQL statements to stored procedures to prevent user input from modifying the syntax of queries.
This document discusses blind SQL injection vulnerabilities. It explains that even if error messages are disabled, applications may still be vulnerable to blind SQL injection attacks where the attacker can make true/false queries to extract information from the database. It provides an example of how an attacker could extract the name of a database table one character at a time using such queries. The document recommends moving all SQL statements to stored procedures to prevent user input from modifying the syntax of queries.
The document discusses common coding errors in ASP scripts that can lead to security vulnerabilities. It covers three main categories: input validation issues, problems with managing state predictably and securely, and source code maintenance issues. Specific problems discussed include insufficient validation of user-supplied input used in SQL queries, which can enable SQL injection attacks, poor randomness or predictability of session IDs, hardcoded credentials, and debugging code left enabled. The document provides examples of each issue and recommendations for more secure coding practices.
Web security with Eng Ahmed Galal and Eng Ramy saeid
3. OVERVIEW
Introduction
SQL Injection
SQL Injection mitigation
Test SQL Injection Vulnerabilities (SQLIVs) in Web Applications Based on Structure Matching (SMART)
Conclusion
4. Web Applications
In computing, a web application is any application that uses a web browser as a client.
With the rapid development of the Internet, web applications involving a database component have become more and more popular.
Structured Query Language (SQL) is the major language for interacting with database systems such as MS SQL Server, Oracle, Access, MySQL, etc.
5. SQL injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
SQL injection must exploit a security vulnerability in an application's software.
6. SQL injection
Ex: Suppose that a specific web application uses the following code for user authentication:
String query = "SELECT accounts FROM users WHERE login = '" + login + "' AND pass = '" + pass + "'";
7. Normal behavior
If the login and pass fields are filled with "Ali" and "33214", the resulting query will be
SELECT accounts FROM users WHERE login = 'Ali' AND pass = '33214'
This query will return true only if the login name "Ali" and the password "33214" exist in the DB.
8. Injected SQL statement
If the login and pass fields are filled with "admin" and "' or '1'='1", the resulting query will be
SELECT accounts FROM users WHERE login = 'admin' AND pass = '' or '1'='1'
In this situation, the WHERE clause always has a true value, and contributes to a query result of all the accounts in table users.
If the web application takes the first record to be the authenticated user, the user authentication mechanism would be broken by SQL injection.
9. Injected SQL statement cont.
Imagine if we filled the pass field with the following SQL statement:
a' ; DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't
Resulting query:
SELECT accounts FROM users WHERE login = 'admin' AND pass = 'a' ; DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't'
10. SQL injection in URL
Ex: Suppose that a specific website has the following URL for showing book reviews depending on the book ID.
Original URL:
http://books.example.com/showReview.php?ID=5
Injected URL:
http://books.example.com/showReview.php?ID=5 AND 1=1
Resulting SQL query:
SELECT * FROM bookreviews WHERE ID = 5 AND 1=1;
11. Mitigation
1- Prepared statement
2- Escaping
Franks's Oracle site => Franks''s Oracle site
A "double quoted" word => A ""double quoted"" word
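The vulnerable concatenation from slide 6 beside the prepared-statement mitigation from slide 11, as an added example that is not part of the original slides. It uses Python's sqlite3 with an in-memory table; the row contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows (not from the slides)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, pass TEXT, accounts TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin-account"), ("Ali", "33214", "ali-account")],
    )
    return db


def login_concat(db, login, password):
    """Vulnerable form (slide 6): user input is pasted into the SQL text,
    so quotes inside the input become part of the query's syntax."""
    query = ("SELECT accounts FROM users WHERE login = '" + login +
             "' AND pass = '" + password + "'")
    return [row[0] for row in db.execute(query)]


def login_prepared(db, login, password):
    """Hardened form (slide 11): the statement text is fixed and the input is
    bound to placeholders, so it is always compared as data."""
    query = "SELECT accounts FROM users WHERE login = ? AND pass = ?"
    return [row[0] for row in db.execute(query, (login, password))]


if __name__ == "__main__":
    db = make_db()
    injected = "' or '1'='1"  # the pass value shown on slide 8
    print("concat,   valid login :", login_concat(db, "Ali", "33214"))
    print("concat,   injected    :", login_concat(db, "admin", injected))
    print("prepared, valid login :", login_prepared(db, "Ali", "33214"))
    print("prepared, injected    :", login_prepared(db, "admin", injected))
```

With the concatenated query the slide 8 input returns every account in the table; with bound parameters the same input matches no row.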
12. Test SQL Injection Vulnerabilities (SQLIVs) in Web Applications Based on Structure Matching (SMART)
Related Applications:
Paros: an open-source security scanner for testing web application vulnerabilities. It is a traditional penetration test which automatically scans web applications with injected HTTP requests. By analyzing the response page,
JDBC checker: checks the type correctness of generated SQL queries, in order to find SQLIVs caused by improper type checking.
Sania: proposes syntactic and semantic analysis of the parse tree of intended SQL queries. After filling attack codes into leaf nodes, Sania checks the differences between the initial parse tree and the modified parse tree, and reports SQLIVs.
13. Test SQLIVs in Web Applications Based on Structure Matching (SMART)
A. Structure definition (according to the ANSI SQL standard)
B. Structure extraction
C. Structure matching
D. Validation
14. Test SQLIVs in Web Applications Based on Structure Matching (SMART)
A. Structure definition (according to the ANSI SQL standard)
1. Blank, includes space characters, tabs, carriage returns, line feeds, etc.
2. Single-line comment, often led by the comment symbol "--".
3. Multiple-line comment, often cited by a pair of comment symbols "/*" and "*/".
4. Keyword, pre-defined by the SQL standard, which makes the SQL query meaningful, such as "SELECT", "INSERT", "GRANT", "OR", etc.
5. Punctuation, often used to separate SQL queries, or used in some mathematical operations, such as "=", "(", ";", etc.
6. Identifier, often used to specify database name, table name, variable name, etc.
7. Data, includes all kinds of data used in the SQL standard, such as integers, real numbers, strings, dates, times, etc.
15. Test SQLIVs in Web Applications Based on Structure Matching (SMART) cont.
B. Structure extraction
1. To describe the structure of SQL queries, SMART defines the SQL structure features of SQL query Q as a string array S: S = 'a1, a2, a3, ..., am' (m ≥ 1), where ai (1 ≤ i ≤ m) is the i-th keyword or punctuation in query Q, and m is the total number of keywords and punctuations.
2. Regular expression analysis is used on the SQL query to extract its structure features.
3. For example, the structure features of the query "SELECT accounts FROM users WHERE login= 'admin' AND pass= 'admin '" are: 'SELECT FROM WHERE = AND ='
16. Test SQLIVs in Web Applications Based on Structure Matching (SMART) cont.
C. Structure matching
1. For a given structure features array S, we define three kinds of operation to modify it: "add" an element into it, "delete" an element from it, and "change" one of its elements into another.
2. Given SQL structure features S1 = A[1..m], S2 = B[1..n], we define d(i, j) = δ(A[1..i], B[1..j]) as the least number of modification operations required to transform A[1..i] into B[1..j].
17. Test SQLIVs in Web Applications Based on Structure Matching (SMART) cont.
D. Validation
Web applications are usually composed of many web pages, where each web page has zero or more input parameters. For example, the following HTTP request shows that the "Login.jsp" page has two input parameters, "login" and "pass", and their default values are "admin" and "admin":
HTTP://www.bookstore.com/Login.jsp?login=admin&pass=admin
1. We test the two input parameters in turn. If the "login" parameter is the current parameter being tested, we first send the above original request over HTTP, and get all the SQL queries generated by it, denoted as Q = Q1, Q2, ..., Qm.
2. Then we get all the SQL queries generated by the injected request, denoted as Q' = Q'1, Q'2, ..., Q'n.
18. Test SQLIVs in Web Applications Based on Structure Matching (SMART) cont.
If m does not equal n, we cannot determine whether SQL injection succeeds, because the SQL queries are probably generated by different code branches.
If m equals n, then we examine each pair of Qi and Q'i and extract their structure features, denoted as S1 and S2.
1. If the extraction of S1 and S2 both fail, we cannot determine whether a SQLIV exists.
2. If the extraction of S1 fails and S2 succeeds, we believe that the injection has broken some authentication mechanism, and alert it as a SQLIV.
3. If the extraction of S1 succeeds and S2 fails, we believe that the injection has broken the structure of the generated SQL query, and also alert it as a SQLIV.
4. If the extraction of S1 and S2 are both successful, we
19. Test SQLIVs in Web Applications Based on Structure Matching (SMART) cont.
1. If matching_value(S1,S2) equals zero, we believe that the structure of the SQL query doesn't change, so the SQL injection doesn't succeed.
2. If matching_value(S1,S2) is larger than zero and not larger than a given upper bound, we believe that the SQL injection appears and changes the structure of the SQL query, and alert it as a SQLIV.
3. If matching_value(S1,S2) is larger than the upper bound, we believe that the change of the structure is caused by executing different code branches.
4. If we still cannot determine whether SQL injection succeeds when finishing all the test cases, we believe that the tested input parameter is probably safe against SQL injection. Then we continue to test the next input parameter, until all the input parameters are tested.
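The structure extraction, matching and validation steps of slides 14 to 19, as an added example that is not the SMART authors' implementation. The keyword subset, the tokenizer regex, the verdict strings and the default upper bound of 10 are assumptions (the slides give no value for the bound); the sample queries are the ones shown on slides 8 and 15.

```python
import re

# Illustrative subset of SQL keywords (assumption: SMART uses the ANSI list).
KEYWORDS = {
    "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "INSERT", "INTO", "VALUES",
    "UPDATE", "SET", "DELETE", "DROP", "TABLE", "UNION", "ALL", "GRANT",
    "ORDER", "BY", "GROUP", "HAVING", "LIKE", "IN", "IS", "NULL",
}

# One alternative per element class from slide 14. Order matters: "--" and
# "/*" must be read as comments before "-" and "/" are tried as punctuation.
TOKEN = re.compile(r"""
    (?P<blank>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<data>'(?:[^']|'')*'|\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<punct><>|<=|>=|!=|[=<>(),;*+\-/.])
""", re.VERBOSE | re.DOTALL)

UPPER_BOUND = 10  # constructed default; the slides only say "a given upper bound"


def extract_structure(query):
    """Return the keywords and punctuation of the query in order (slide 15),
    or None when the query cannot be tokenized, e.g. an unbalanced quote."""
    features, pos = [], 0
    while pos < len(query):
        m = TOKEN.match(query, pos)
        if m is None:
            return None  # extraction failed
        if m.lastgroup == "punct":
            features.append(m.group())
        elif m.lastgroup == "word" and m.group().upper() in KEYWORDS:
            features.append(m.group().upper())
        pos = m.end()
    return features


def matching_value(s1, s2):
    """d(m, n) from slide 16: least number of add/delete/change operations
    that turn feature array s1 into s2 (edit distance over tokens)."""
    prev = list(range(len(s2) + 1))
    for i, a in enumerate(s1, 1):
        cur = [i]
        for j, b in enumerate(s2, 1):
            cur.append(min(prev[j] + 1,              # delete a
                           cur[j - 1] + 1,           # add b
                           prev[j - 1] + (a != b)))  # change a into b
        prev = cur
    return prev[-1]


def judge_pair(original_query, injected_query, upper_bound=UPPER_BOUND):
    """Decision rules of slides 18 and 19 for one pair (Qi, Q'i)."""
    s1 = extract_structure(original_query)
    s2 = extract_structure(injected_query)
    if s1 is None and s2 is None:
        return "undetermined"
    if s1 is None or s2 is None:
        return "SQLIV"
    value = matching_value(s1, s2)
    if value == 0:
        return "unchanged"
    return "SQLIV" if value <= upper_bound else "different branch"


def judge_request(original_queries, injected_queries, upper_bound=UPPER_BOUND):
    """Compare all queries logged for the original and the injected request.
    Reporting SQLIV as soon as one pair alerts is this example's choice."""
    if len(original_queries) != len(injected_queries):
        return "undetermined"  # m != n: probably different code branches
    verdicts = [judge_pair(q, qi, upper_bound)
                for q, qi in zip(original_queries, injected_queries)]
    if "SQLIV" in verdicts:
        return "SQLIV"
    return "unchanged" if all(v == "unchanged" for v in verdicts) else "undetermined"


ORIGINAL = "SELECT accounts FROM users WHERE login= 'admin' AND pass= 'admin '"
TAUTOLOGY = "SELECT accounts FROM users WHERE login='admin' AND pass = '' or '1'='1'"

if __name__ == "__main__":
    print(extract_structure(ORIGINAL))
    print(extract_structure(TAUTOLOGY))
    print(matching_value(extract_structure(ORIGINAL), extract_structure(TAUTOLOGY)))
    print(judge_request([ORIGINAL], [TAUTOLOGY]))
```

The tautology input adds the tokens OR and = to the structure, so its matching value against the original query is 2 and the pair is reported as a SQLIV.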
20. CONCLUSION
We presented SMART, a new method to
automatically test SQL injection vulnerabilities in
web applications. SMART tests each input
parameter of web applications, matches the SQL
queries generated by both original HTTP request
and injected HTTP request, and determines
whether it has SQL injection vulnerability.
22. OVERVIEW
INTRODUCTION
XSS VULNERABILITIES
A SOLUTION TO BLOCK CROSS SITE
SCRIPTING VULNERABILITIES
AVOIDING XSS VULNERABILITIES
CONCLUSION
23. CROSS-SITE SCRIPTING (XSS)
Cross-site scripting, or XSS, is defined as a computer security vulnerability found in web applications.
XSS allows for code injection by malicious web users into Internet pages viewed by other users.
In an XSS attack, the attacker gains the ability to see private user IDs, passwords, credit card information and other personal identification.
24. XSS VULNERABILITIES
There are two types of XSS vulnerabilities:
Reflected (Non-Persistent)
Stored (Persistent)
25. Reflected (NON-PERSISTENT)
It occurs when data provided by a web client is used
immediately by server-side scripts to generate a page
of results for that user
An example could be when an attacker convinces a
user to follow a malicious URL that injects code into
the results page; thus giving the attacker full access
to that page's content.
27. Stored (PERSISTENT)
It occurs when the data provided by the attacker is saved by the server (database, file system, other location).
It is then permanently displayed on "normal" pages returned to other users in the course of regular browsing.
29. A solution to block Cross Site
Scripting Vulnerabilities
30. A solution to block Cross Site
Scripting Vulnerabilities Cont.
31. Components interaction
The schema for each web page, where an
input control is present, is generated and
stored offline by the developer in a folder
structure or in a database.
When a request is received, the HTTP
request is passed on to the converter.
Converter converts the input to an XML object
and sends it to the validator.
32. Components interaction Cont.
The validator retrieves the corresponding schema for the request and maps the XML object with the schema document.
If the input maps with the schema, then the status is returned to the converter as 'yes'; otherwise the status 'no' is returned.
If the status is 'yes', then the request is forwarded to the web application. Otherwise, the request is forwarded to an error page.
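The converter and validator interaction described on slides 31 and 32, as an added example that is not the presenters' code. The slides do not say how the schema is written, so the per-page dictionary of field patterns, the page path, the field names and the function names are all assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical schemas, prepared offline by the developer: one entry per page
# that has input controls, mapping each expected field to an allowed pattern.
SCHEMAS = {
    "/comment": {
        "author": r"[A-Za-z ]{1,40}",
        "text": r"[^<>\"'&]{1,500}",  # no HTML metacharacters accepted
    },
}


def convert(page, params):
    """Converter: turn the request's input parameters into an XML object."""
    root = ET.Element("request", {"page": page})
    for name, value in params.items():
        ET.SubElement(root, "field", {"name": name}).text = value
    return root


def validate(xml_obj):
    """Validator: fetch the schema for the page and map the XML object onto it.
    Returns 'yes' only if the page is known, the field set matches exactly,
    and every value fully matches its pattern."""
    schema = SCHEMAS.get(xml_obj.get("page"))
    if schema is None:
        return "no"
    fields = {f.get("name"): f.text or "" for f in xml_obj.iter("field")}
    if set(fields) != set(schema):
        return "no"
    ok = all(re.fullmatch(schema[name], value) for name, value in fields.items())
    return "yes" if ok else "no"


def handle(page, params):
    """Forward the request only when the validator answers 'yes'."""
    status = validate(convert(page, params))
    return "web application" if status == "yes" else "error page"


if __name__ == "__main__":
    print(handle("/comment", {"author": "Ali", "text": "Nice book"}))
    print(handle("/comment", {"author": "Ali", "text": "<script>alert(1)</script>"}))
```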
34. ELIMINATING SCRIPTS
Some web applications are written to function
without the need for client-side scripts.
In this way users would not be susceptible to
XSS attacks.
35. COOKIE SECURITY
Because client-side scripts have access to cookies, XSS exploits are able to steal these cookies and hinder business functions.
Web applications tie session cookies to the IP address of the user who originally logged in; only that IP address is permitted to use the particular cookie.
36. INPUT VALIDATION
It helps decipher other injection attacks such
as SQL injection.
Effective for most types of input, yet when an
application by design must be able to accept
special HTML characters, HTML entity
encoding is the desired choice.
37. AVOIDING XSS VULNERABILITIES
Do not follow links from sites that navigate to security-sensitive pages referencing personal or business information.
Always practice obtaining a list of attacks that have occurred on particular sites or message boards.
38. AVOIDING XSS VULNERABILITIES
Users can disable scripting when it is not required, in order to reduce the risk of an XSS-style attack.
Do not trust links given on other sites such as e-mail or message boards.
Always access any site with sensitive information through its address and not through third-party sites.
39. CONCLUSION
Always practice using testing tools during the design phase to eliminate XSS holes in the application.
Input validation and HTML escaping are essential, yet they must be applied at all application points accepting data.
41. Outlines
Abstract
Introduction
Motivation.
General Attack scenario.
Classification of DOS and DDOS attacks.
General attack classification
Definition for DOS and DDOS
Dos attack classification
From DOS to DDOS
How to protect.
Example of DOS using LOIC.
42. Abstract
Recently many prominent web sites have faced so-called Distributed Denial of Service (DDoS) attacks. While former security threats could be faced by a tight security policy and active measures like using firewalls, vendor patches, etc., these DDoS attacks are new in such a way that there is no completely satisfying protection yet. In this part of the presentation we will cover this topic carefully.
We will classify types of attacks.
Explore different DDoS tools.
43. Introduction
Motivation
Security threats are as old as the Internet itself. In fact, the first connection between computers in the ARPAnet, between SRI and UCLA, resulted in a crash of the receiving system due to some bugs in the communication software: a classical Denial-of-Service attack.
44. General attack scenario
Big web sites usually use more than one system running their web server. The clients access these servers via a load balancing server which redirects the HTTP requests to one of the servers. Today's web servers don't work as stand-alone systems but need the support of a number of backend systems (like database or file servers) to fulfill their tasks. The whole LAN where the site is hosted is typically protected by a firewall system. On the way, the IP datagrams have to pass a number of routers. On each of these systems there is at least the hardware, the operating system and (as part of the OS) a TCP/IP protocol stack that can fall victim to attacks.
45.
46. Classification of DOS and DDOS attacks.
A possible classification of IT attacks according to the intention of the cracker could be:
Denial of Service attack
The main goal of the attack is the disruption of service; this can be reached in a variety of ways.
Intrusion
Get access to a system and circumvent certain barriers.
Information Theft
Access to otherwise restricted, sensitive information.
Modification
The attacker tries to alter information; this type of attack has increased lately.
47. DOS definition according to
W3C
What is a Denial of Service attack?
Denial of Service (DoS) is an attack designed to
render a computer or network incapable of providing
normal services. The most common DoS attacks will
target the computer's network bandwidth or
connectivity. Bandwidth attacks flood the network
with such a high volume of traffic, that all available
network resources are consumed and legitimate
user requests can not get through. Connectivity
attacks flood a computer with such a high volume of
connection requests, that all available operating
system resources are consumed, and the computer
can no longer process legitimate user requests.
48. DDOS definition according to W3C
A Distributed Denial of Service (DDoS) attack uses
many computers to launch a coordinated DoS
attack against one or more targets. Using
client/server technology, the perpetrator is able to
multiply the effectiveness of the Denial of Service
significantly by harnessing the resources of
multiple unwitting accomplice computers which
serve as attack platforms. Typically a DDoS
master program is installed on one computer using
a stolen account. The master program, at a
designated time, then communicates to any
number of "agent" programs, installed on
computers anywhere on the internet. The agents,
when they receive the command, initiate the
attack. Using client/server technology, the master
program can initiate hundreds or even thousands
49. Definition of DOS and DDOS
A Denial-of-Service attack (DoS attack) is a malicious attempt by a single person or a group of people to cause the victim, site or node to deny service to its customers.
DoS = when a single host attacks
DDoS = when multiple hosts attack simultaneously
50. DOS attack classification
DoS and DDoS usually use a limited number of well-known attacks with names like Smurf, teardrop, or SYN-Flood.
We will try to provide a classification in categories according to specified criteria.
System attacked.
Part of the system attacked.
Bug or overload.
51. System attacked
According to the general attack scenario, we will identify a number of attack points:
Attack the clients themselves (useless number of users or large)
Attack the router that connects the site hosting the web server to its ISP (Internet Service Provider); this will effectively cut off all access to the website.
Attack the firewall system. Although firewalls should be quite immune to direct attacks, the firewall is a bottleneck: all inbound and outbound connections go through it, so an attack with a high load will stop them.
Attack the load balancer.
Attack the servers themselves (will be hard)
52. Part of the system is attacked
Attack forms can be further divided by the
part of the system that is attacked.
Attacks that depend on the hardware (rare):
theoretically, the CPU and network card could fail to
work due to some data in network packets.
Attacks based on the limitations of the hardware.
Attacks targeting the operating system or the
TCP/IP stack of the host.
For this type of attack, some causes are bugs that can be fixed;
some are fundamental limitations. What to do?!
53. Bug or overload
In general, one has to distinguish whether a DoS is
caused by a specific bug or is just an overload of
components that function according to their
specification. Although bugs are often more severe
in their effects, most of the time the vendors
quickly provide fixes. All the administrators have
to do is to apply them to their system in order to
avoid further attacks. Attacks that are based on an
overload are typically harder to cope with. Of
course you can buy new hardware, but as long as
an attacker finds enough resources to use as
relays in the Internet he will always bring your
system to a halt. Changing the specification or
protocols in order to fix the hole that allows the
DoS is nearly impossible as this would often mean
changing the software in millions of computers
54. Examples
Jolt2 is an attack targeting most Microsoft Windows
systems. Jolt2 sends a continuous stream of ICMP
ECHO-REPLY fragments with specially tuned
fragmentation, which causes almost 100% consumption of
CPU and memory and renders the system
unusable.
A SYN-Flooding attack generates many half-open
TCP connections.
A Smurf attack uses so-called amplifier sites in order to
multiply the amount of traffic that hits the destination.
This attack sends ICMP_ECHO_REQUEST packets with a
spoofed sender address to one or more subnet
broadcast addresses; the packets are received and replied to
by as many stations as are connected to the subnet.
58. From DOS to DDOS
Major Internet websites like Amazon or Yahoo
tend to have Internet connections with very
large bandwidth and server farms with lots of
components. Furthermore, they are typically
protected by firewall systems that block the
known attacks that are based on malformed
packets.
Their fears about large-scale attacks were
proved soon after, in February 2000, when
major Internet sites (eBay, Amazon, etc.) were under attack. There are currently a few
59. How does the attack happen?
The actual attack is carried out by so-called
daemons (hidden programs). A number of
daemons are controlled by handlers, and
finally these handlers are activated by the
attacker using client tools.
61. How does the intrusion into client computers
happen? (I)
A stolen account is set up as a repository for daemon
programs and attack tools.
Sniffers are used to scan large ranges of network blocks to
identify potential targets. Targets will include (overflow,
security bugs, …etc.).
A list of vulnerable systems is then used to create a script
that performs the exploit, sets up a command running under the root
account that listens on a TCP port, and connects to this port to
confirm the success of the exploit.
From the list, select one with the desired architecture. Pre-compiled
binaries of the DDoS daemon and handler
programs are created and stored on a stolen account
somewhere on the Internet.
62. How does the intrusion into client computers
happen? (II)
A script is then run which takes this list of "owned"
systems and produces yet another script to
automate the installation process, running each
installation in the background for maximum
multitasking. The result of this automation is the
ability for attackers to set up the denial of service
network in a very short time frame and on widely
dispersed systems whose true owners often don't
even realize the attack.
63. Protection from DDOS
General protection
Basic security measures are mandatory.
If a running system is hacked into, no more network
attacks are necessary, since local attacks are possible
(consuming processes, consuming memory or simply shutting
down).
A set of firewalls should be used to separate the
interior network from the Internet; the firewall rules
should include some sanity checks for source and
destination addresses.
Intrusion detection systems should be used to
notify administrators of unusual activities.
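The half-open TCP connections that characterize SYN flooding are something an intrusion detection system can count and alert on. The following Python code is an added example, not part of the original slides: it tracks unanswered SYNs per destination over constructed sample events, and the threshold, timeout and addresses are assumptions.

```python
from collections import defaultdict

def make_events():
    """Constructed sample events: (time_s, source, destination, flag)."""
    events = []
    # Normal clients: every SYN is followed by the handshake-completing ACK.
    for i in range(5):
        src = f"198.51.100.{i + 1}:40000"
        events.append((i * 0.5, src, "192.0.2.10:80", "SYN"))
        events.append((i * 0.5 + 0.05, src, "192.0.2.10:80", "ACK"))
    # Flood pattern: many SYNs from changing sources, none ever completed.
    for i in range(200):
        src = f"203.0.113.{i + 1}:{1024 + i}"
        events.append((3.0 + i * 0.01, src, "192.0.2.20:80", "SYN"))
    return sorted(events)

def half_open_alerts(events, timeout=30.0, threshold=100):
    """Return {destination: peak half-open count} for peaks above threshold."""
    pending = defaultdict(dict)   # destination -> {source: time SYN was seen}
    peaks = defaultdict(int)
    for t, src, dst, flag in events:
        table = pending[dst]
        # Expire entries older than the handshake timeout, as a TCP stack would.
        for stale in [s for s, t0 in table.items() if t - t0 > timeout]:
            del table[stale]
        if flag == "SYN":
            table[src] = t            # handshake started, not yet completed
        elif flag == "ACK":
            table.pop(src, None)      # handshake completed
        peaks[dst] = max(peaks[dst], len(table))
    return {dst: n for dst, n in peaks.items() if n > threshold}

if __name__ == "__main__":
    for dst, peak in half_open_alerts(make_events()).items():
        print(f"ALERT {dst}: {peak} half-open connections")
```

Only the destination whose handshakes never complete is reported; the five normal clients never push their server above one pending entry.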
64. Protection
ip verify unicast reverse-path (Smurf)
Use the ip verify unicast reverse-path interface command on the
input interface on the router at the upstream end of the connection.
This feature examines each packet received as input on that
interface. If the source IP address does not have a route in the CEF
tables that points back to the same interface on which the packet
arrived, the router drops the packet.
Configure rate limiting for SYN packets
Limit response time.
Apply ingress and egress filtering
Egress filtering helps ensure that unauthorized or malicious traffic
never leaves the internal network.
Ingress filtering is a technique used to make sure that
incoming packets are actually from the networks that they claim to
be from.
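The reverse-path check and the egress filter described above can be modelled in a few lines. This Python code is an added example, not from the original slides or from any router vendor: the forwarding table, interface names and packets are constructed, and it assumes the default route counts as a valid route for the check.

```python
import ipaddress

# Hypothetical forwarding table (a stand-in for the router's CEF table):
# prefix -> interface the route points to.
FIB = {
    "0.0.0.0/0": "ge0/0",         # default route towards the upstream ISP
    "192.0.2.0/24": "ge0/1",      # internal server network
    "198.51.100.0/25": "ge0/2",   # internal client network
}
ROUTES = sorted(((ipaddress.ip_network(p), i) for p, i in FIB.items()),
                key=lambda r: r[0].prefixlen, reverse=True)

def route_interface(addr):
    """Longest-prefix match: interface the best route for addr points to."""
    ip = ipaddress.ip_address(addr)
    for net, ifname in ROUTES:
        if ip in net:
            return ifname
    return None

def urpf_strict(src, in_if):
    """Pass only if the route back to src uses the arrival interface."""
    return route_interface(src) == in_if

def egress_allowed(src, internal=("192.0.2.0/24", "198.51.100.0/25")):
    """Egress filter: traffic leaving the site must carry an internal source."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(n) for n in internal)

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("203.0.113.7", "ge0/0"),    # external host arriving from upstream
    ("192.0.2.55", "ge0/0"),     # internal source arriving from upstream: spoofed
    ("192.0.2.55", "ge0/1"),     # same source on its real interface
    ("203.0.113.9", "ge0/2"),    # client network sending with a foreign source
]

def check_all(packets=PACKETS):
    """Apply the reverse-path check to every packet and label the outcome."""
    return [(src, in_if, "pass" if urpf_strict(src, in_if) else "drop")
            for src, in_if in packets]

if __name__ == "__main__":
    for row in check_all():
        print(*row)
```

The second and fourth packets are dropped because the best route back to their source address points out of a different interface than the one they arrived on, which is how the check removes the spoofed sender addresses a Smurf attack relies on.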