SQL Injection
Common Attacks on Databases
Unauthorized Privilege Escalation: Individuals attempting to increase their privileges by
attacking vulnerable points in the DBMS.
Privilege Abuse: Authorized users accessing/modifying data in an unauthorized way. Example: a
TA lowering the grades of students they dislike.
Denial of Service: An attempt to make database resources unavailable to intended users. Often
a general attack which attempts to consume network, data, or processing resources through
excessive/expensive queries.
Weak Authentication: Impersonating an authorized user to gain access (password stealing /
phishing).
SQL Injection
This attack involves a malicious user providing unexpected input that modifies the SQL query to perform
unintended actions.
Let's imagine a simple authentication procedure that asks a user for a name (josh) and password
(zoe1234) and checks whether such an entry exists in the database:
◦ SELECT * FROM users WHERE name = 'josh' and password = 'zoe1234';
If the user supplies malicious input like: name (josh) and password (i_dont_know' or 'x'='x),
here's the new query:
◦ SELECT * FROM users WHERE name = 'josh' and password = 'i_dont_know' or 'x'='x';
Because AND binds more tightly than OR, this changed query is evaluated as "(name matches and password
matches) OR 'x'='x'"; the second condition is true for every row, so the query always returns rows and
"authenticates" the user despite the wrong password.
This type of SQL injection is called SQL manipulation.
Other types of SQL Injection
Code Injection
◦ Adding additional SQL statements or
commands to the existing SQL statement by
exploiting a computer bug, which is caused
by processing invalid data.
◦ This often involves buffer overruns and
stack overflows from unexpectedly large
input payloads.
Function Call Injection:
◦ This attack exploits the system-provided
functions that many SQL queries invoke to
cause unexpected behavior.
http://www.informationsecuritybuzz.com/articles/detecting-and-investigating-sql-injection-attacks/
Risks from SQL Injection
Database fingerprinting: The database response to injection can often reveal information
regarding the version of DBMS being used and susceptibility to other attacks.
Denial of Service: Malicious queries often take longer to process, allowing a denial of service.
Bypassing authentication: Very common problem, where an attacker makes a query succeed
despite not having authorization.
Identifying injectable parameters: Error message responses (which should be turned off in
production databases) can be used to identify the structures within the database vulnerable to
attack.
Executing remote commands: A remote user can execute stored database procedures and
functions leading to control over the entire OS.
Solutions to SQL Injection
Bind Variables
◦ Use parameterized statements
◦ Don't insert raw text into SQL statements; instead use parameters which will be
bound to a variable when needed.
◦ It is both more performant and more secure.
Filtering Input:
◦ Validate your input
◦ Remove escape characters (like the apostrophe)
◦ However, there are many escape characters, so you should use the database's
built-in replace/escape function rather than writing your own.
◦ But even that isn't foolproof so bind your variables instead.
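The login check from the slides, as an added example that is not part of the original deck: the concatenated query from the SQL manipulation slide next to the same check written with bind variables, run against a constructed in-memory SQLite table. The table, user row, and function names are assumptions for this example.

```python
import sqlite3

# Constructed sample data mirroring the slide's user (josh / zoe1234).
# Plaintext password storage is kept only to match the slide's query.
USERS = [("josh", "zoe1234")]


def make_db():
    """In-memory SQLite database with a users table (constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string concatenation, as on the slide.
    User-supplied text becomes part of the SQL grammar, so a quote in the
    input can close the string literal and append a new condition."""
    query = (
        "SELECT * FROM users WHERE name = '" + name
        + "' and password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, name, password):
    """Uses bind variables: the SQL text and the values travel separately,
    so the quote in the payload is just a character inside a string value."""
    query = "SELECT * FROM users WHERE name = ? and password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "i_dont_know' or 'x'='x"  # the slide's injected password
    print("vulnerable, real password: ", login_vulnerable(conn, "josh", "zoe1234"))
    print("vulnerable, injected input:", login_vulnerable(conn, "josh", payload))
    print("parameterized, injected:   ", login_parameterized(conn, "josh", payload))
```

The vulnerable function returns True for the injected password because the OR clause is true for every row; the parameterized version compares the whole payload as one string value and returns False.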