hands-on sql injection attack and defense hi-tec july 21, 2013
TRANSCRIPT
Hands-on SQL Injection Attack and Defense
HI-TEC, July 21, 2013
Bio
How Important is SQL Injection?
• SQL injection continues to reign as hackers' most consistently productive technique for stealing massive dumps of sensitive information within corporate databases.
• In fact, according to analysis done by database security firm Imperva of breach events between 2005 and July of this year, 82 percent of lost data due to hacking was courtesy of SQL injection.
• http://www.darkreading.com/database-security/167901020/security/news/240006491/hacktivists-continue-to-own-systems-through-sql-injection.html
• http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-to-sql-injection/
• In 2008 SQL Injection became the leading method of malware distribution
• 16 percent of websites are vulnerable to SQL Injection
• http://jeremiahgrossman.blogspot.com/2009/02/sql-injection-eye-of-storm.html
Are You Vulnerable?
Example SQL Injection Vulnerability
The Commands Used to Steal the Data
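The slides under "Example SQL Injection Vulnerability" and "The Commands Used to Steal the Data" are images that did not survive in this transcript. The following is an added illustration, not the presentation's own code: a login lookup written against Python's standard sqlite3 module, first with string concatenation (the injectable form) and then with a parameterised query. The users table, its rows, and the two attacker inputs are constructed here for the demo; the passwords are stored in plain text only so the dumped rows are readable, which a real system must never do.

```python
import sqlite3

# Constructed sample data for this demo (not from the talk).
SAMPLE_USERS = [
    ("alice", "s3cret", "alice@example.com"),
    ("bob", "hunter2", "bob@example.com"),
]

# Attacker inputs for the username field. The trailing "--" starts an SQL
# comment, so everything after it (the password check) is ignored.
BYPASS_USERNAME = "alice' --"
DUMP_USERNAME = "' UNION SELECT username, password FROM users --"


def build_db():
    """Create an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, email) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable lookup: the inputs are glued into the SQL text, so a quote
    character in them ends the string literal and changes the query."""
    sql = (
        "SELECT username, email FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Hardened lookup: '?' placeholders bind the inputs as values. The SQL
    text never changes, so "alice' --" is just a username nobody has."""
    sql = "SELECT username, email FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Run the same two payloads against both versions and collect results."""
    conn = build_db()
    return {
        "normal_login": login_vulnerable(conn, "alice", "s3cret"),
        # Password check commented out: logs in as alice with any password.
        "bypass": login_vulnerable(conn, BYPASS_USERNAME, "wrong"),
        # UNION appends every username/password pair to the result set.
        "dump": sorted(login_vulnerable(conn, DUMP_USERNAME, "wrong")),
        "safe_bypass": login_safe(conn, BYPASS_USERNAME, "wrong"),
        "safe_dump": login_safe(conn, DUMP_USERNAME, "wrong"),
        "safe_normal": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:12s} -> {rows}")
```

Running `demo()` shows the vulnerable function returning alice's row for the bypass input and both password rows for the UNION input, while the parameterised version returns nothing for either payload and still works for a genuine login. Parameterised queries are the fix; running the application under a database account that cannot read tables it does not need limits what a dump can reach if an injectable query is missed.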
Data Breach
Hands-On SQL Injection Project
• http://samsclass.info/124/proj11/SQLi-MPICT.htm
Series of Projects
Open Web Application Security Project (OWASP)
– Open, not-for-profit organization dedicated to finding and fighting vulnerabilities in Web applications
– Publishes the Ten Most Critical Web Application Security Vulnerabilities
Top-10 Web application vulnerabilities
• Cross-site scripting (XSS) flaws
– Attackers inject script into a web page, such as a forum or guestbook post
– When other users view the page, the script runs in their browsers and confidential information (such as session cookies) is stolen
– See link Ch 10za
• Injection flaws
– User-supplied data is passed to an interpreter as part of a command or query, so an attacker can run arbitrary commands or queries on the back end, for example on the database server
– Example: SQL Injection
Top-10 Web application vulnerabilities
• Malicious file execution
– Users are allowed to upload, or cause the server to run, malicious files
• Insecure Direct Object Reference
– Information in the URL (a file name, path, or record ID) lets a user reference files, directories, or records directly, and the application never checks that the user is authorized to see them
• Cross-site Request Forgery (CSRF)
– The attacker tricks a victim's browser into sending a request to a site where the victim is already logged in; the browser attaches the session cookie automatically, so the attacker's forged request is carried out with the victim's authority without the cookie ever being stolen
Top-10 Web application vulnerabilities
• Information Leakage and Improper Error Handling
– Error messages that give away too much information (stack traces, SQL errors, internal paths)
• Broken Authentication and Session Management
– Weak login or session handling allows attackers to steal cookies or passwords
Top-10 Web application vulnerabilities
• Insecure Cryptographic Storage
– Storing keys, certificates, and passwords on a Web server, especially unencrypted or unhashed, can be dangerous
• Insecure Communications
– Using HTTP instead of HTTPS
• Failure to Restrict URL Access
– Security through obscurity: hoping users don't find the "secret" URLs instead of enforcing an access check on every page
Cross-Site Scripting (XSS)
• One client posts active content, with <script> tags or other programming content
• When another client reads the messages, the scripts are executed in his or her browser
• One user attacks another user, using the vulnerable Web application as a weapon
<script>alert("XSS vulnerability!")</script>
<script>alert(document.cookie)</script>
<script>window.location="http://www.ccsf.edu"</script>
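To show how the payloads above get onto a page and how output encoding stops them, here is an added example that is not part of the original slides: a tiny guestbook renderer in Python, first inserting posts verbatim (stored XSS) and then escaping them with the standard library's html.escape. The sample posts, including the cookie-stealing payload from the slide, are constructed for this demo, and the cookie header helper is an added defence-in-depth illustration, not something the talk shows.

```python
import html

# Constructed guestbook posts (not from the talk). The second one is the
# cookie-stealing payload shown on the slide.
POSTS = [
    "Great talk!",
    "<script>alert(document.cookie)</script>",
    'See <a href="http://www.ccsf.edu">CCSF</a>',
]


def render_vulnerable(posts):
    """Stored XSS: each post is dropped into the page verbatim, so a post
    containing <script> is executed in every reader's browser."""
    return "<ul>\n" + "\n".join("<li>" + p + "</li>" for p in posts) + "\n</ul>"


def render_safe(posts):
    """Output encoding: html.escape turns <, >, &, \" and ' into entities,
    so the browser displays the payload as text instead of running it."""
    return (
        "<ul>\n"
        + "\n".join("<li>" + html.escape(p, quote=True) + "</li>" for p in posts)
        + "\n</ul>"
    )


def has_live_script(page):
    """Crude oracle for this demo: does a literal <script tag survive?"""
    return "<script" in page.lower()


def session_cookie_header(session_id):
    """Added defence in depth against the cookie-theft effect: HttpOnly hides
    the cookie from document.cookie, Secure keeps it off plain HTTP, and
    SameSite limits cross-site sending. Escaping output is still the fix."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    print("--- vulnerable ---")
    print(render_vulnerable(POSTS))
    print("--- escaped ---")
    print(render_safe(POSTS))
    print(session_cookie_header("abc123"))
```

html.escape is the right tool only for text placed inside an HTML element body or a quoted attribute; data written into a JavaScript block, a URL, or CSS needs the encoding for that context, which is why template engines that escape by default are preferred over hand-built string joins.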
XSS Scripting Effects
• Steal another user's authentication cookie
– Hijack the session
• Harvest stored passwords from the target's browser
• Take over machine through browser vulnerability
• Redirect the Web page
• Many, many other evil things…