SQL-Injection attacks Damir Lizdek & Dan Rundlöf Language-based security.

What is an SQL-injection attack? It is an attack that is performed on an SQL database. It abuses the fact that some implementations do not check for special characters in the input. Several different types of attack are possible.

The goals of the project Learn about SQL-injection attacks. Present how an attack is performed. Present some protective measures.

What we have done Read up on SQL injection attacks. Determined the steps needed to perform an attack. Written a guide for the simplest attacks. Presented some protective measures that can be taken to prevent injection attacks.

Different types of attacks Bypassing authentication Abusing SELECT queries Abusing INSERT queries Smashing the database

SQL attacks The first thing to try is to enter a single quote as part of the data. If an SQL error is produced, the server does not sanitize the input. This means that the server might be vulnerable to injection attacks.

Bypassing authentication
SELECT * FROM users WHERE username='".$_POST['username']."' AND pwd='".$_POST['password']."'
SELECT * FROM users WHERE username='kalle' AND pwd='secret'

Bypassing authentication Now the user enters kalle'-- instead of kalle as username.
SELECT * FROM users WHERE username='kalle'--' AND pwd='secret'

Bypassing authentication If a username is not known it might still be possible to bypass a login form. Suppose you write the following as username: ' OR 1=1--
SELECT Name FROM Users WHERE Name = '' OR 1=1-- AND Password = ''

Abusing SELECT queries Can be used to determine the structure of the database. Used to gather secret information.

Sample SELECT query
Original query (ASP, strCity is user input):
SELECT FirstName, LastName, Title FROM Employees WHERE City = '" & strCity & "'
Value entered for strCity:
' UNION ALL SELECT OtherField FROM OtherTable WHERE ''='
Resulting query:
SELECT FirstName, LastName, Title FROM Employees WHERE City = '' UNION ALL SELECT OtherField FROM OtherTable WHERE ''=''

Protection techniques Work around the problem in the programming language that uses SQL. Set the security privileges on the database to the least required.
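The following is an added example, not code from the presentation: it rebuilds the login query and the city search from the slides in Python with an in-memory SQLite database (the table rows are constructed), first by string concatenation as on the slides and then as parameterised statements, so the two protection outcomes can be compared side by side.

```python
import sqlite3

# Constructed in-memory database standing in for the tables named on the slides.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT, pwd TEXT);
        INSERT INTO users VALUES ('kalle', 'secret');
        CREATE TABLE Employees (FirstName TEXT, City TEXT);
        INSERT INTO Employees VALUES ('Anna', 'Gothenburg');
        CREATE TABLE OtherTable (OtherField TEXT);
        INSERT INTO OtherTable VALUES ('hidden-row');
    """)
    return conn

# Vulnerable: the query is assembled by string concatenation, exactly like the
# PHP login on the slides, so a quote in the input changes the SQL itself.
def login_concat(conn, username, password):
    query = ("SELECT * FROM users WHERE username='" + username
             + "' AND pwd='" + password + "'")
    return conn.execute(query).fetchone() is not None

# Hardened: a parameterised (prepared) statement. The '?' placeholders are bound
# by the driver, so the input is always treated as a value, never as SQL text.
def login_param(conn, username, password):
    cur = conn.execute("SELECT * FROM users WHERE username=? AND pwd=?",
                       (username, password))
    return cur.fetchone() is not None

# Same pair for the SELECT-abuse slide: the concatenated version lets a UNION
# pull rows out of an unrelated table; the parameterised version cannot.
def city_search_concat(conn, city):
    query = "SELECT FirstName FROM Employees WHERE City = '" + city + "'"
    return [row[0] for row in conn.execute(query)]

def city_search_param(conn, city):
    cur = conn.execute("SELECT FirstName FROM Employees WHERE City = ?", (city,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    for name in ("kalle'--", "' OR 1=1--"):
        print(repr(name), "concat:", login_concat(db, name, "wrong"),
              "param:", login_param(db, name, "wrong"))
    probe = "' UNION ALL SELECT OtherField FROM OtherTable WHERE ''='"
    print("concat:", city_search_concat(db, probe))
    print("param:", city_search_param(db, probe))
```

The second protection on the slide, least privilege, is complementary: even a parameterised application should connect with a database account that cannot read OtherTable or drop tables if it never needs to.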

DEMO TIME

Conclusions We achieved our goals. We learned a lot about SQL injection attacks. SQL injection attacks are rather easy to protect against… BUT, many servers are still vulnerable to SQL injection attacks. Therefore it is important to know about them and how to protect against them.

Questions/applause ;-)