Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 13 Security Methods Part 3.

Published byEgil Holen Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 13 Security Methods Part 3."— Presentation transcript:

1 Chapter 13 Security Methods Part 3

2 SQL Injection Attack Many web applications take user input from a form
Often this user input is used literally in the construction of a SQL query submitted to a database. For example: SELECT user FROM table WHERE name = ‘user_input’; An SQL injection attack involves placing SQL statements in the user input 12/27/2018 Web Security

3 Login Authentication Query
Standard query to authenticate users: select * from users where user='$usern' AND pwd='$password' Classic SQL injection attacks Server side code sets variables $username and $passwd from user input to web form Variables passed to SQL query select * from users where user='$username' AND pwd='$passwd' Special strings can be entered by attacker select * from users where user='M' OR '1=1' AND pwd='M' OR '1=1' Result: access obtained without password 12/27/2018 Web Security

4 Some improvements … Query modify:
select user,pwd from users where user='$usern‘ $usern=“M' OR '1=1”; Result: the entire table We can check: only one tuple result formal correctness of the result $usern=“M' ; drop table user;”? 12/27/2018 Web Security

5 CIT 380: Securing Computer Systems
SQL Injection Attacker App sends form to user. Attacker submits form with SQL exploit data. Application builds string with exploit data. Application sends SQL query to DB. DB executes query, including exploit, sends data back to application. Application returns data to user. User ‘ or 1=1-- Pass Firewall Web Server DB Server CIT 380: Securing Computer Systems

6 SQL Injection in PHP $query = "select count(*) from users where username = '$username' and password = '$password'"; $result $query); CIT 380: Securing Computer Systems

7 SQL Injection Attack #1 Unauthorized Access Attempt:
password = ’ or 1=1 -- SQL statement becomes: select count(*) from users where username = ‘user’ and password = ‘’ or 1=1 -- Checks if password is empty OR 1=1, which is always true, permitting access. CIT 380: Securing Computer Systems

8 SQL Injection Attack #2 Database Modification Attack:
password = foo’; delete from table users where username like ‘% Database executes two SQL statements: select count(*) from users where username = ‘user’ and password = ‘foo’ delete from table users where username like ‘%’ Principle of Least Privilege likely violated as web server user needs privileges to do all operators permitted on users, including deleting them. CIT 380: Securing Computer Systems

9 Preventing SQL Injection Attacks
mysqli_real_escape_string() Prepared statements

10 post_message.php Script 13.6 on pages 444-5
ch13\post_message.php

11 Assignment #22

Download ppt "Chapter 13 Security Methods Part 3."

Similar presentations

PHP SQL. Connection code:- mysql_connect(server, username, password); Connect to the Database Server with the authorised user and password. Eg $connect.

PHP SQL. Connection code:- mysql_connect("server", "username", "password"); Connect to the Database Server with the authorised user and password. Eg $connect.
How Did I Steal Your Database Mostafa

How Did I Steal Your Database Mostafa
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.
James Walden, Maureen Doyle Northern Kentucky University Students: Andrew Plunkett, Rob Lenhof, John Murray.

James Walden, Maureen Doyle Northern Kentucky University Students: Andrew Plunkett, Rob Lenhof, John Murray.
1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.

1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.
Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.

Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.
ASP.NET Programming with C# and SQL Server First Edition Chapter 8 Manipulating SQL Server Databases with ASP.NET.

ASP.NET Programming with C# and SQL Server First Edition Chapter 8 Manipulating SQL Server Databases with ASP.NET.
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.

{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.

Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
SQL Injection Timmothy Boyd CSE 7330.

SQL Injection Timmothy Boyd CSE 7330.
PHP Security.

PHP Security.
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.

Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.
(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.

(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Similar presentations

Ads by Google