Analysis of SQL injection prevention using a filtering proxy server By: David Rowe Supervisor: Barry Irwin.

2 Presentation Outline
Problem statement
Motivation (example)
Implementation
Results
Concluding remarks
Questions

3 SQL injection SQL Injection is a method by which the parameters of a Web-based application are modified in order to change the SQL statements that are passed to a database. An attacker is able to insert a series of SQL statements into a 'query' by manipulating data input.

4 SQL injection

5 Example
The critical vulnerability is the way in which the query string is created. Example (no input validation):
var SQL = "select * from users where username = '" + username + "' and password = '" + password + "'";
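As an added illustration (not code from the presentation), the slide's concatenation pattern sits next to its parameterised form, both run against a constructed in-memory SQLite table; the bypass string is the one the slides themselves show.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the users table on the slide."""
    con = sqlite3.connect(":memory:")
    con.execute("create table users (username text, password text)")
    con.execute("insert into users values ('alice', 's3cret')")
    con.commit()
    return con

def login_concat(con, username, password):
    """The slide's pattern: input is pasted straight into the query text."""
    sql = ("select * from users where username = '" + username +
           "' and password = '" + password + "'")
    return con.execute(sql).fetchall()

def login_param(con, username, password):
    """Hardened form: placeholders keep the input as data, never as SQL."""
    sql = "select * from users where username = ? and password = ?"
    return con.execute(sql, (username, password)).fetchall()

def demo():
    """Row counts each variant returns for the bypass string vs. a real login."""
    con = make_db()
    bypass = "' or 1=1--"   # the -- comments out the rest of the concatenated query
    return {
        "concat_rows": len(login_concat(con, bypass, "anything")),
        "param_rows": len(login_param(con, bypass, "anything")),
        "real_rows": len(login_param(con, "alice", "s3cret")),
    }

if __name__ == "__main__":
    print(demo())
```

With concatenation the bypass string returns every user row; with placeholders it returns none, while the genuine credentials still log in.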

6 Vulnerable web page

7 Example
Queries executed:
select * from users where username = " drop table users

8 Example

9 If no spaces are allowed, try: 'or/**/1=1--

10 SQL injection types
Redirecting and reshaping a query involves inserting SQL commands into the query being sent to the database. The commands allow a direct attack on the database.
Error message based SQL injection makes use of the database error messages returned to the client. The messages provide clues as to the database type and structure as well as the query structure.
Blind SQL injection involves a lot of guesswork and thus requires a larger investment in time. The attacker tries many combinations of attack and makes the next attack attempt based on their interpretation of the resulting HTML page output.

11 Classes of SQL injection
Inband uses the existing connection to the database to manipulate the database. An example of this would be to use the data returned in a well-formed web page or an error message.
Out of band requires a new channel to be opened between the client and the application. This usually requires the database to connect out to the client using , http or a database connection.
Inference does not require any data transfer at all but uses properties such as web server response time or web server response codes.

12 Project Goals
Analyse the structure of SQL query commands
Build a parser that will check allowable patterns of SQL statements
Create a proxy server that will filter SQL commands
Prevent a SQL injection attack to a database using this proxy server
Prove that SQL injection can be prevented using the filter developed to work on the proxy server

13 SQL injection

14 Implementation Step

15 Implementation Step

16 Results
Analyse the structure of SQL query commands
Build a filter that will check allowable patterns of SQL statements
Create a proxy server that will filter SQL commands
Prevent a SQL injection attack to a database using this proxy server
Prove that SQL injection can be prevented using the filter developed to work on the proxy server

17 Results
Working proxy server
–Extracts the SQL from a TDS query packet
–Prevents SQL injection attacks
  White list - principle of least privilege
  Black list - disallow
  Gray list - possibly harmful
  Regex list - input validation
–Logs
  Extracted SQL queries
  Halted SQL
–Alerts DBA via UDP
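An added example, not the project's proxy code, of how the four lists named on this slide can be applied in order to one extracted SQL statement, with the alert payload a proxy might send to the DBA over UDP. The list contents, the statement shapes on the white list and the alert format are all constructed for illustration.

```python
import re
import socket
from dataclasses import dataclass

# Constructed policy lists modelled on the four lists named on the slide.
WHITE_LIST = [  # statement shapes the application is allowed to send (least privilege)
    re.compile(r"^select \* from users where username = '[^']*' and password = '[^']*'$", re.I),
    re.compile(r"^select name, price from products where id = \d+$", re.I),
]
BLACK_LIST = re.compile(r"\b(drop|alter|truncate|delete)\b", re.I)   # never allowed
GRAY_LIST = re.compile(r"(--|/\*|;|\bunion\b)", re.I)   # comment markers, stacking, unions
LITERAL_OK = re.compile(r"[\w@. -]*")   # regex list applied to every quoted literal

@dataclass
class Decision:
    verdict: str   # "pass" or "halt"
    reason: str
    sql: str       # the normalised statement, as it would be written to the log

def filter_sql(sql: str) -> Decision:
    """Apply black, gray, white and regex lists in turn to one extracted query."""
    s = " ".join(sql.split())                    # normalise whitespace before matching
    m = BLACK_LIST.search(s)
    if m:
        return Decision("halt", "black list: " + m.group(1).lower(), s)
    m = GRAY_LIST.search(s)
    if m:
        return Decision("halt", "gray list: " + m.group(1), s)
    if not any(p.match(s) for p in WHITE_LIST):
        return Decision("halt", "not on white list", s)
    for lit in re.findall(r"'([^']*)'", s):      # validate each literal separately
        if not LITERAL_OK.fullmatch(lit):
            return Decision("halt", f"regex list: literal {lit!r}", s)
    return Decision("pass", "white list", s)

def alert_datagram(d: Decision) -> bytes:
    """Constructed payload for the UDP alert sent to the DBA on a halted query."""
    return f"HALTED {d.reason} | {d.sql}".encode()

def send_alert(d: Decision, host: str = "127.0.0.1", port: int = 9999) -> None:
    """Fire the datagram at the DBA's listener (address is an assumed placeholder)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(alert_datagram(d), (host, port))
```

A statement is halted at the first list that flags it, so the reason string tells the DBA which layer caught it.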

18 Results

19 Results

20 Conclusion
Advantages
–Independent of flaws in application coding and database privileges
–Can operate on a separate server with real time analysis
–Another layer of protection
Disadvantages
–False positives are also filtered out
–Won't work if data is encrypted

21 Questions