Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks. Ben Smith, Laurie Williams, Andrew Austin, North Carolina State University.

Presentation transcript:

1 Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks. Ben Smith, Laurie Williams, Andrew Austin, North Carolina State University

2 Motivation
In the CWE/SANS Top 25 Most Dangerous Programming Errors:
– SQL injection vulnerabilities
– Error message information leak vulnerabilities
These vulnerabilities are related:
– Ensuring that input falls within the desired range
– Handling the case when input is out of range

3 Why? How?

4 Objective The goal of this research is to assess the relative effectiveness of system and unit level testing of web applications to reveal both SQL injection vulnerabilities and error message information leakage vulnerabilities when used with an iterative test automation practice by a feature development team.

5 Agenda
Motivation and Objective
Background
– What is feature development?
– What’s a hotspot?
Case Study on Four Java Web Apps
Discussion

6 Feature Development (diagram): for each feature (Edit Patient Information, View Operational Profile, ...) the same layers are worked through: Database, Application Logic, User Interface, Write Tests.

7 HOTSPOT

8 Agenda
Motivation and Objective
Background
– What is feature development?
– What’s a hotspot?
Case Study on Four Java Web Apps
Discussion

9 Case Study
Four open source Java web applications (SourceForge.net):
1. How many malicious tests are included in the unit tests distributed with the applications?
2. What percentage of hotspots are executed by the unit tests distributed with the applications?
3. How does this number compare to the unit test set’s statement coverage?

Subject Web Apps (values not preserved in the transcript)
Project              iTrust    Hispacta    LogicServices    TuduLists
Version
Lines of Code
Production Classes
Database Classes

Results (hotspot and malicious-test counts not preserved in the transcript)
Project                               iTrust    Hispacta    LogicServices    TuduLists
Hotspots
Covered by Intrinsic Tests
Coverage                              97%       87%         98%              23%
Statement Coverage                    84%       49%         53%              40%
Intrinsic Tests with Malicious Input

12 Case Study, cont’d
4. Write system level test cases that execute every hotspot with input that is typical (safe) and then that is malicious. Do these tests expose:
– SQL Injection Vulnerabilities?
– Error Message Information Leakage Vulnerabilities?

Results, cont’d
Project                 iTrust    Hispacta    LogicServices    TuduLists
System Level Tests
  EMIL Vulnerabilities  2         2           9                4
  SQLI Vulnerabilities

14 Case Study, cont’d
5. Augment the unit tests in the same fashion, so that they execute every hotspot with input that is typical (safe) and then that is malicious. Do these tests expose Error Message Information Leakage Vulnerabilities?

Results, cont’d
Project                 iTrust    Hispacta    LogicServices    TuduLists
System Level Tests
  EMIL Vulnerabilities  2         2           9                4
  SQLI Vulnerabilities  0         0           0                0
Unit Level Tests
  EMIL Vulnerabilities

16 Agenda
Motivation and Objective
Background
– What is feature development?
– What’s a hotspot?
Case Study on Four Java Web Apps
Discussion

17 Summary
– Unit and system testing every hotspot did not expose any SQL injection vulnerabilities
– System level testing revealed 17 error message information leak vulnerabilities
– We attempted to expose the error message vulnerabilities at the unit level and could not

18

19 Easy Solution

20 Conclusions
– Prepared statements (when used correctly) effectively protect against SQL injection attacks
– System level testing must be used to expose error message information leakage vulnerabilities when used with an iterative test automation practice by a feature development team
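The case-study procedure (steps 4 and 5 on slides 12 and 14) and the two conclusions above, carried out on a toy login hotspot. This is an added example written in Python against an in-memory SQLite database; it is not code from the slides or from the four subject applications, and the users table, the probe inputs, the leak signatures and every function name in it are constructed for the example. It submits typical and then malicious input through the rendered page (system level) and directly to the database function (unit level), once against a string-concatenated query and once against a prepared statement, and records which level can observe which vulnerability.

```python
"""Toy login hotspot tested at unit level and at system level.

Added example, not from the slides or the subject applications: the users
table, the probe inputs, the leak signatures and all names are constructed.
"""
import re
import sqlite3

# Typical input, then the malicious probes a system-level test submits.
TYPICAL = ("alice", "wonderland")
MALICIOUS = ["' OR 1=1 --", "'"]   # the slide's payload, plus an unbalanced quote

# Signatures of error-message information leakage in a rendered page: exception
# class names, database syntax complaints, stack frames and echoed SQL.
LEAK_PATTERNS = [
    r"\b\w*(Exception|Error)\b",   # e.g. SQLException, OperationalError
    r"syntax error", r"unrecognized token",
    r"\bat \w+(\.\w+)+\(",         # Java stack frame "at org.foo.Bar.run(Bar.java:12)"
    r"\bSELECT\b",                 # the statement itself echoed back to the user
]


def make_db():
    """Constructed sample data (not from the case study)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "wonderland", "admin"), ("bob", "builder", "patient")])
    return conn


# --- Database layer: the hotspot, where untrusted input meets SQL ---------------

def find_role_concat(conn, username, password):
    """Vulnerable: builds the statement by string concatenation."""
    sql = ("SELECT role FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def find_role_prepared(conn, username, password):
    """Prepared statement: input is bound as data and never parsed as SQL."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# --- Presentation layer: what the user actually sees --------------------------

def login_page(conn, username, password, query, verbose_errors):
    """Renders the login response; verbose_errors echoes the exception into the page."""
    try:
        role = query(conn, username, password)
    except sqlite3.Error as exc:
        if verbose_errors:
            return "500 Internal error: %s: %s" % (type(exc).__name__, exc)
        return "500 Internal error"
    if role is None:
        return "401 Login failed"
    return "200 Welcome, role=%s" % role


def leaks_error_details(body):
    """True when the rendered page carries internals a user should never see."""
    return any(re.search(p, body) for p in LEAK_PATTERNS)


# --- The two test levels from the case study ----------------------------------

def system_level_test(conn, query, verbose_errors):
    """Step 4: drive the hotspot through the page with typical, then malicious input."""
    user, pw = TYPICAL
    findings = {"typical_ok": login_page(conn, user, pw, query, verbose_errors).startswith("200"),
                "sqli": False, "emil": False}
    for bad in MALICIOUS:
        body = login_page(conn, bad, "x", query, verbose_errors)
        findings["sqli"] |= body.startswith("200")      # logged in without credentials
        findings["emil"] |= leaks_error_details(body)   # internals visible to the user
    return findings


def unit_level_test(conn, query):
    """Step 5: the same inputs against the database class alone. An exception here is
    just an exception; whether its text reaches a user is decided in a layer this
    test never executes, so an EMIL vulnerability cannot be observed at this level."""
    findings = {"sqli": False, "raised": False}
    for bad in MALICIOUS:
        try:
            findings["sqli"] |= query(conn, bad, "x") is not None
        except sqlite3.Error:
            findings["raised"] = True
    return findings


if __name__ == "__main__":
    db = make_db()
    for name, q in (("concatenated", find_role_concat), ("prepared", find_role_prepared)):
        print(name, "system level, verbose errors:", system_level_test(db, q, True))
        print(name, "system level, generic errors:", system_level_test(db, q, False))
        print(name, "unit level:", unit_level_test(db, q))
```

Run against the concatenated query, the system-level test reports both the injection (the slide's payload logs in as the first user) and, when the page echoes exceptions, the information leak; with a generic error page the leak disappears but the injection does not. The prepared statement clears both findings. The unit-level test sees the injection and sees that the unbalanced quote raises, but it has no page to inspect, which is exactly why the case study could not reproduce the error-message findings at that level.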

21 Questions?

22 SQL Injection Attacks: ' OR 1=1 --
$username = $_POST['username'];
$password = $_POST['password'];
// With the username ' OR 1=1 -- substituted into the concatenated query, the
// WHERE clause matches every row and the password check is commented out:
$result = mysql_query("select * from users where username = '' OR 1=1 --' AND password = '$password'");
$firstresult = mysql_fetch_array($result);   // first row returned, whoever it belongs to
$role = $firstresult['role'];
$_COOKIE['userrole'] = $role;