Attacking Applications: SQL Injection & Buffer Overflows.

Presentation transcript:

Attacking Applications: SQL Injection & Buffer Overflows

- AKA: Code Injection
- Common issues
  - Both used to attack applications
  - Both generally caused by programming flaws
  - Both usually delivered via a user input field
  - Both caused by invalid parameters (not verified)
- Countermeasures for both
  - Utilize secure programming methods

- Occurs when an app uses user-provided data to build an SQL statement without first validating the input.
- Reads or modifies a database by changing the meaning of the original query.
- Results:
  1. Attacker gets to remotely execute system commands, or
  2. Attacker takes control of the database server

1. Search for websites with a login page or other input or query fields
2. Test using single quotes
3. Use SELECT to retrieve data, or use an automated tool: Absinthe

Why it works:

- Identifying vulnerabilities
- Database finger-printing
- Determine database schema
- Extract / add / modify data
- Perform DoS
- Evade detection
- Bypass authentication
- Execute remote commands
- Perform privilege escalation
- Install malware

- Practice defensive coding
- Change default admin login information
- Disable the default admin login account
- Validate / sanitize user input
- Use strong firewall rules
- Block ports: 1434 (SQL & mysql); (Oracle)
- Don't display error messages
- Avoid stored procedures; use prepared statements instead
- Session encryption

- Use escape commands
  - escapeshellcmd(): decreases the risks involved in allowing user input to be passed to the shell
  - escapeshellarg(): converts a scalar value into a single-quote delimited string
  - mysql_real_escape_string(): sanitizes data before sending it to MySQL
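The mechanism from the earlier slide (user data spliced into the SQL text) next to three of the listed countermeasures (validate user input, use prepared statements, don't display error messages), as an added example that is not part of the original presentation. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the table layout, the sample account and all function names are assumptions made for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample database: one hypothetical user account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'correct horse')")
    conn.commit()
    return conn


def build_query_concat(username, password):
    """The flaw on the slide: user data becomes part of the SQL text, so a quote
    in the input changes the structure of the statement, not just a value."""
    return ("SELECT id FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    return conn.execute(build_query_concat(username, password)).fetchone() is not None


# Allow-list validation: only characters that can never carry SQL syntax.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None


def login_prepared(conn, username, password):
    """Prepared statement: the SQL text is fixed; the values travel separately
    as parameters and can only ever be compared as data."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def safe_login(conn, username, password):
    """Validation + parameters + no database error text returned to the caller."""
    if not valid_username(username):
        return False, "login failed"
    try:
        ok = login_prepared(conn, username, password)
    except sqlite3.Error:
        # Record the real error server-side; never echo it to the user.
        return False, "login failed"
    return ok, ("ok" if ok else "login failed")


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"          # the single-quote test from the slide
    print(build_query_concat("alice", probe))
    print("concatenated:", login_vulnerable(conn, "alice", probe))
    print("prepared:    ", login_prepared(conn, "alice", probe))
    print("safe_login:  ", safe_login(conn, "alice'", "x"))
```

Running the block prints the concatenated statement so the reader can see how the quote in the probe closes the password literal and appends a condition that is always true; the prepared version returns no row for the same input because the whole probe is compared as a password string. The escape functions on the slide reduce the same risk by neutralising the quote characters, but parameter binding removes the problem at its root and is the form to prefer where the database API supports it.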

How it works:

- Types
  - Stack based: static locations in the memory address space
  - Heap based: dynamic memory address spaces
- Countermeasures
  - IDS should look for NOP (No Operation) instructions
  - Don't use C or C++ functions that don't provide argument checking (C & C++ leave data integrity checking to the programmer), e.g. strcpy(), strcat(), streadd()
  - Use functions that check buffer size, e.g. strncpy()
  - DO use: Java or Perl or Lisp
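The "IDS should look for NOP instructions" countermeasure as working detection logic, added here as an example and not taken from the presentation. The scanner reports every run of the x86 single-byte NOP opcode (0x90) that reaches a length threshold; the sample inputs are constructed, and the threshold value and function names are assumptions.

```python
# x86 single-byte NOP opcode. A long run of it (a "NOP sled") is placed ahead of
# injected code so that an imprecise jump still slides into the payload, which is
# why a run of NOPs in network data is a classic IDS signature.
NOP = 0x90


def longest_nop_run(data: bytes) -> int:
    """Length of the longest consecutive run of NOP bytes in data."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == NOP else 0
        best = max(best, cur)
    return best


def find_nop_sleds(data: bytes, min_len: int = 32):
    """Return (offset, length) for every NOP run of at least min_len bytes."""
    sleds = []
    i, n = 0, len(data)
    while i < n:
        if data[i] != NOP:
            i += 1
            continue
        j = i
        while j < n and data[j] == NOP:
            j += 1
        if j - i >= min_len:
            sleds.append((i, j - i))
        i = j
    return sleds


def flag_payload(data: bytes, min_len: int = 32) -> bool:
    """Alert decision (hypothetical policy): True if any run meets the threshold."""
    return bool(find_nop_sleds(data, min_len))


# Constructed sample inputs, not real captures.
SAMPLE_BENIGN = bytes(range(256))   # every byte value once: a single lone 0x90
SAMPLE_SUSPICIOUS = b"GET /index.html " + b"\x90" * 200 + b"\x41" * 16

if __name__ == "__main__":
    for name, sample in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(name, longest_nop_run(sample), find_nop_sleds(sample), flag_payload(sample))
```

The threshold is the tuning knob: compilers emit short NOP runs as alignment padding in legitimate binaries, so a low value produces false positives on ordinary file transfers, while sleds assembled from other single-byte instructions that also do nothing will not match this check at all. It is a cheap first-line signature, not a substitute for the bounded string functions and memory-safe languages the slide lists.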