Welcome to Blackhat! Blackhat Security Briefings Amsterdam 2001 Timothy M. Mullen AnchorIS.Com, Inc. Blackhat Amsterdam, 2001 Timothy M. Mullen, AnchorIS.Com;

Web Vulnerability and SQL Injection Countermeasures
Securing your servers from the most insidious of attacks: The demands of the global marketplace have made web development more complex than ever. With customer demands and competitive influences, the functions our applications must be capable of performing constantly push our development into new areas. Even with enterprise firewall solutions, hardened servers, and up-to-date web server software in place and properly configured, poor design methodology can leave our systems open to attack.

Session Overview
Part I:
∙ Vulnerabilities: Client-side HTML, URL Manipulation, SQL Injection
∙ Countermeasures: Input Validation, Data Sanitation, Variable Typing, Procedure Structure, Permissions and ACLs
Part II:
∙ Live demos highlighting real-world sites with different issues, participant involvement and brainstorming
∙ SQueaL demo (SQueaL is an NTLM-logging rogue SQL Server application)

Part I
Vulnerabilities
∙ Client-side HTML
∙ URL Manipulation
∙ SQL Injection
Countermeasures
∙ Implementation/Setup
∙ Input Validation
∙ Data Sanitation
∙ Variable Typing
∙ Procedure Structure
∙ Permissions and ACLs

Vulnerabilities – Lab Demos
Client-side HTML Issues
∙ Web Forms
∙ Input/Select controls
∙ Hidden Fields
URL Manipulation
∙ Editing the URL
∙ Session variables
∙ Cookies
SQL Injection
∙ The possibilities are endless!

Countermeasures – Lab Demos
Implementation and Setup
∙ ADODB Connection Strings and DSNs
∙ ODBC Error reporting (a raw ODBC/SQL Server error returned to the browser tells the attacker the shape of the query and the names of columns and tables; log that detail on the server instead)
∙ Custom error pages

Countermeasures – Lab Demos
Input Validation
∙ Querystring count checking
∙ Data Type Validation
∙ Value/Length Checking
∙ Extents/Boundary Checking
∙ Host submission limits per unit of time

Countermeasures – Lab Demos
Data Sanitation
∙ REPLACE function (doubling single quotes only protects values that end up inside a quoted string literal; a numeric value spliced into a query needs type checking, not quote escaping)
∙ RegExp function
∙ Custom functions / explicit declarations

Countermeasures – Lab Demos
Variable Typing
∙ Command object
∙ Parameter declaration
∙ Command type declaration
∙ Execute methods

Countermeasures – Lab Demos
SQL Stored Procedure Structure
∙ Use stored procedures whenever possible
∙ Type cast variables
∙ Create and use Views as table sources
∙ Avoid "SELECT *" statements, for performance as well as security
∙ sp_executesql for ad hoc queries
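The two slides above (Variable Typing and Stored Procedure Structure) describe the server side of the fix without showing it. The following T-SQL is an added example written for this transcript, not code from the talk: the table, view, procedure names and the injection payload are made up for illustration. It puts an unsafe concatenating procedure next to one that uses typed parameters, an explicit column list, a view as the table source, and sp_executesql with a parameter definition for the part of the query that has to be dynamic.

```sql
-- Added example (not from the original slides). Schema, object names and the
-- payload are constructed for illustration; SQL Server 2000-era syntax.

CREATE TABLE dbo.Products (
    ProductID  int         NOT NULL PRIMARY KEY,
    Name       varchar(50) NOT NULL,
    UnitPrice  money       NOT NULL,
    CostPrice  money       NOT NULL    -- internal column the web app must never see
);
GO
INSERT INTO dbo.Products VALUES (1, 'Widget', 9.99, 4.00);
INSERT INTO dbo.Products VALUES (2, 'Gadget', 19.99, 8.50);
GO

-- View as the table source: the web login is granted SELECT on this, not on the table.
CREATE VIEW dbo.vProducts AS
    SELECT ProductID, Name, UnitPrice FROM dbo.Products;
GO

-- The "before": user data spliced into the statement text and run with EXEC.
-- @Name = ' OR 1=1 --  returns every row; a payload such as
-- ';EXEC master..xp_cmdshell 'dir'--  runs a command if the caller has the rights.
CREATE PROCEDURE dbo.usp_SearchProducts_Unsafe @Name varchar(50) AS
    DECLARE @sql nvarchar(500);
    SET @sql = N'SELECT * FROM dbo.Products WHERE Name LIKE ''%' + @Name + '%''';
    EXEC (@sql);
GO

-- The "after": typed parameters, explicit columns, the view as source, and
-- sp_executesql binding the user values as parameters. The one thing that cannot
-- be a parameter (the ORDER BY column, an identifier) is whitelisted and quoted.
CREATE PROCEDURE dbo.usp_SearchProducts
    @Name     varchar(50),
    @MaxPrice money,
    @SortBy   sysname = N'Name'
AS
    SET NOCOUNT ON;
    IF @SortBy NOT IN (N'Name', N'UnitPrice') SET @SortBy = N'Name';
    DECLARE @sql nvarchar(500);
    SET @sql = N'SELECT ProductID, Name, UnitPrice FROM dbo.vProducts '
             + N'WHERE Name LIKE ''%'' + @p_name + ''%'' AND UnitPrice <= @p_max '
             + N'ORDER BY ' + QUOTENAME(@SortBy);
    EXEC sp_executesql @sql,
         N'@p_name varchar(50), @p_max money',
         @p_name = @Name, @p_max = @MaxPrice;
GO

-- Same payload against both: the unsafe procedure dumps the whole table
-- (including CostPrice); the safe one searches for a product whose name literally
-- contains the payload and returns no rows.
EXEC dbo.usp_SearchProducts_Unsafe @Name = ''' OR 1=1 --';
EXEC dbo.usp_SearchProducts        @Name = ''' OR 1=1 --', @MaxPrice = 100;
```

The point the Data Sanitation slide hints at shows up here: in the safe procedure no amount of quoting in @Name matters, because the value never becomes part of the statement text; the only string concatenation left is on @SortBy, which is reduced to a fixed set of known identifiers before it is used.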

Countermeasures – Lab Demos
Permissions and ACLs
∙ Open views, but lock down tables
∙ Use groups
∙ Lock down xp_cmdshell and xp_sendmail, or remove them
∙ SQL Service context
∙ Integrated/Mixed security
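The permission model of the slide above, as an added T-SQL example that is not from the talk. Database, login, role and object names are made up; the syntax is the SQL Server 2000 style of the period (sp_addlogin, sp_addrole, SETUSER), which later versions replace with CREATE LOGIN, CREATE ROLE and EXECUTE AS. The small table, view and procedure are created inside the script so it stands on its own.

```sql
-- Added example (not from the original slides). All names are illustrative.

USE master;
-- A dedicated low-privilege login for the web tier. Never let the web server
-- connect as sa: as sa, every injected statement runs as sysadmin and
-- xp_cmdshell runs in the SQL Server service account's context (so run that
-- service as a restricted account, not LocalSystem). Prefer integrated security;
-- if mixed mode is required, sa must have a strong, non-blank password.
EXEC sp_addlogin @loginame = 'webapp', @passwd = 'Ch4ngeMe-Long-Password!', @defdb = 'Shop';
GO
USE Shop;
EXEC sp_grantdbaccess 'webapp';
EXEC sp_addrole 'WebReaders';                  -- use groups/roles, not per-user grants
EXEC sp_addrolemember 'WebReaders', 'webapp';
GO

-- Illustrative objects: a table with a column the web app must never see,
-- a view exposing only the public columns, and a procedure over the view.
CREATE TABLE dbo.Products (ProductID int PRIMARY KEY, Name varchar(50), UnitPrice money, CostPrice money);
GO
CREATE VIEW dbo.vProducts AS SELECT ProductID, Name, UnitPrice FROM dbo.Products;
GO
CREATE PROCEDURE dbo.usp_ListProducts AS SELECT ProductID, Name, UnitPrice FROM dbo.vProducts;
GO

-- Open views, lock down tables. The view and the table share an owner (dbo), so
-- ownership chaining lets the role read through the view while holding no right
-- on the table itself: an injected "SELECT CostPrice FROM Products" or
-- "DELETE Products" is refused by the engine even if it gets past the application.
GRANT SELECT  ON dbo.vProducts        TO WebReaders;
GRANT EXECUTE ON dbo.usp_ListProducts TO WebReaders;
REVOKE ALL    ON dbo.Products         FROM WebReaders;
GO

-- Lock down xp_cmdshell / xp_sendmail, or remove them. They live in master;
-- make sure nothing below sysadmin can execute them, and drop them if unused.
USE master;
REVOKE EXECUTE ON xp_cmdshell FROM public;
REVOKE EXECUTE ON xp_sendmail FROM public;
-- EXEC sp_dropextendedproc 'xp_cmdshell';    -- removal, if no job or admin task needs it
GO

-- Check the result from the web login's point of view.
USE Shop;
SETUSER 'webapp';
EXEC dbo.usp_ListProducts;              -- allowed
SELECT * FROM dbo.vProducts;            -- allowed
SELECT CostPrice FROM dbo.Products;     -- fails: SELECT permission denied
EXEC master..xp_cmdshell 'dir';         -- fails: EXECUTE permission denied
SETUSER;
```

The last block is the test a practitioner should actually run after locking things down: impersonate the web login and try the queries an attacker would inject. If the table read or the xp_cmdshell call succeeds, the grants (or the login the web server really uses) are not what you think they are.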

Web Vulnerability and SQL Injection Countermeasures
Part I Concluded – 15 Minute Break

Web Vulnerability and SQL Injection Countermeasures
Welcome Back!

Part II
Live Web Demos and Feedback
∙ Expose potentially insecure implementations of web applications
∙ Discuss potential vulnerabilities and exploits
∙ Mitigation and Prevention
SQueaL Demo: Grabbing NTLM responses from unsuspecting users

Web Vulnerabilities – Live Demos
Real-world web application issues and feedback

Web Vulnerabilities – Live Demos
SQueaL: NTLM-logging rogue SQL Server
∙ Linux server application based on DilDog's "TalkNTLM" code
∙ Waits for a TCP/IP connection on port 1433 and has the connecting client authenticate via NTLM
∙ Logs domain, username, and NTLM response

Web Vulnerabilities – Live Demos
SQueaL: Getting them to connect
∙ ADODB Connection (Lame)

    conn = new ActiveXObject("ADODB.Connection");
    conn.ConnectionString = 'Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=pubs;Data Source= ;Network Library=dbnetlib';
    conn.Open();

Web Vulnerability and SQL Injection Countermeasures
SQueaL: Getting them to connect
∙ DBNETLIB (Not so lame)

    {
        ns = new ActiveXObject("SQLNS.SQLNamespace");
        ns.Initialize("Grabber", 2, "Server= ;Trusted_Connection=Yes; Network Library=dbnetlib.dll");
    }

Web Vulnerability and SQL Injection Countermeasures
Closing Remarks

THANK YOU!
Additional Resources: abase.asp abase.asp abase.asp abase.asp