Published by Benjamin Williams. Modified over 9 years ago.
1
By Sean Rose and Erik Hazzard
2
SQL Injection is a technique that exploits security weaknesses of the database layer of an application in order to gain unauthorized access to database information.
3
SQL is a programming language used for accessing and managing information that is stored in a database. Web applications send SQL commands in the form of strings to the database.
4
When using SQL injection, a user attempts to manipulate the command string sent to the database by the web application in order to gain unauthorized access. It has been used many times by malicious users to gain access to private information.
5
A website may have the following code:
◦ statement = "SELECT * FROM users WHERE name = '" + userName + "';"
A malicious user may enter the following string into the web form that assigns the variable userName:
◦ hax' or 'this'='this
6
This will result in the following code:
◦ SELECT * FROM users WHERE name = 'hax' OR 'this'='this';
Because 'this'='this' is always true, the WHERE clause holds for every row, so when the command is sent to the database it returns user records regardless of the name supplied.
7
First, allow only known-good input, such as letters, numbers, and – Then, disallow all known-bad input such as "--", "select", "insert", "update", and "drop", which have special meanings within SQL. If a string input by the user does not meet these requirements, reject it. Do not attempt to create acceptable input from bad input.
8
However, such checks must be performed by the web server rather than by client-side code running on the user's system. Failing to do so can result in the user simply removing the prevention code and then entering whatever they want into the form.
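The following is an added example, not code from the slides: the concatenated query of slide 5 beside a server-side version that applies the allow-then-deny check of slide 7 and, going one step beyond the slides, passes the name as a query parameter so the driver never treats it as SQL. The table, its three rows and the function names are constructed for the example.

```python
import re
import sqlite3


def make_db():
    # Constructed sample database (not from the slides): three users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"),
                      ("bob", "bob@example.com"),
                      ("carol", "carol@example.com")])
    return conn


def lookup_vulnerable(conn, user_name):
    # Slide 5's pattern: the user-controlled string is spliced into the SQL
    # text, so quotes in the input change the shape of the query.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()


# Slide 7's two-step check (character set is an assumption of this example).
ALLOWED = re.compile(r"^[A-Za-z0-9-]+$")
DENIED = ("--", "select", "insert", "update", "drop")


def is_valid_user_name(user_name):
    # Accept only known-good characters, then reject known-bad tokens.
    # Input that fails is rejected outright, never "repaired".
    if not ALLOWED.match(user_name):
        return False
    lowered = user_name.lower()
    return not any(bad in lowered for bad in DENIED)


def lookup_hardened(conn, user_name):
    # Runs on the server (slide 8). Returns None for rejected input; otherwise
    # binds user_name as a parameter, so it is data, never part of the SQL.
    if not is_valid_user_name(user_name):
        return None
    query = "SELECT * FROM users WHERE name = ?;"
    return conn.execute(query, (user_name,)).fetchall()
```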
9
On April 13, 2008, the Sexual and Violent Offender Registry of Oklahoma shut down its site for 'routine maintenance' after being informed that 10,597 social security numbers of sex offenders had been downloaded via SQL injection.
10
Cross Site Scripting (XSS)
What
◦ Attacks, primarily on websites, that compromise the 'same-origin' policy of client-side scripting languages
Why
◦ Why not?
3 Types of XSS attacks
11
Why is XSS an issue
Popular
◦ Even more popular than buffer overflow attacks
◦ Has affected Google, Facebook, and TJMaxx
Easy
◦ Many websites are unprotected and remain so; developers tend to be lazy
◦ Only basic knowledge is required to perform attacks
Ramifications
◦ Identity theft
12
Types of XSS Attacks
Type 0 – DOM Based
◦ Local attacks
Type 1 – Non-Persistent
◦ Occur when server-side pages are generated from client-side input
◦ Most popular attacks
Type 2 – Persistent
◦ Malicious data (e.g. JavaScript) stored on the web server
◦ Most potentially harmful attacks
◦ Focus of this presentation
13
Persistent (Type 2) Attacks
Server stores client input
◦ Server trusting client input (BAD)
Occurs when
◦ 1. User enters data into a web application
◦ 2. Data is stored persistently on the web server
◦ 3. The data is displayed to a user
Example
◦ Forums
◦ Craigslist
14
Persistent (Type 2) Attacks
Step 1. Steal cookies
◦ Malicious JavaScript is stored on a server, then executed when a client views a web page, stealing the client's cookie
Step 2. ...
◦ The bad guy finds out the user's session information from the cookie
Step 3. Profit
◦ Using the stolen session information, the hacker can masquerade as the user, accessing everything the user could – e.g. stored credit card info
15
Protection
Avoiding XSS
◦ Protecting yourself is difficult. Disabling JavaScript is not always the best option
◦ Be paranoid
XSS is largely a server-side problem
Responsibility lies with the developer
◦ When developing an application:
◦ 1. Don't trust user input
◦ 2. Filter user input
◦ 3. Don't trust the filtered input
16
Questions