Presentation is loading. Please wait.

Presentation is loading. Please wait.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

Published byMargarita Hendy Modified over 9 years ago

Similar presentations

Presentation on theme: "HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC."— Presentation transcript:

1 HI-TEC 2011 SQL Injection

2 Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC or OLE DB Or ADO

3 Common Web Application Vulnerabilities

4 Cross-Site Scripting (XSS) SQL Injection Cross-Site Request Forgery (CSRF)

5 Cross-Site Scripting (XSS) Attacks One user injects code that attacks another user Common on guestbooks, comment pages, forums, etc. Caused by failure to filter out HTML tags –These characters " & –Also watch out for hex-encoded versions %3c instead of < %3e instead of > %22 instead of "

6 Cross-Site Scripting (XSS) One client posts active content, with tags or other programming content When another client reads the messages, the scripts are executed in his or her browser One user attacks another user, using the vulnerable Web application as a weapon 6

7 alert("XSS vulnerability!") alert("XSS vulnerability!") alert(document.cookie) alert(document.cookie) window.location="http://www.ccsf.edu" window.location="http://www.ccsf.edu" 7

8 XSS Scripting Effects Steal another user's authentication cookie –Hijack session Harvest stored passwords from the target's browser Take over machine through browser vulnerability Redirect Webpage Many, many other evil things… 8

9 Common XSS Payloads See link Ch 12z06

10 Cross-Site Scripting Countermeasures Filter out ( ) # & and the variants of them HTML-encode output, so a character like < becomes < -- that will stop scripts from running In IE 6 SP1 or later, an application can set HttpOnly Cookies, which prevents them from being accessed by scripts Analyze your applications for XSS vulnerabilities –Fix the errors you find

11 Common Web Application Vulnerabilities SQL Injection

12 SQL Injection Comic xkcd.org – a great comic Link Ch 11i

13 SQL Injection Example HTML form collects name and pw SQL then uses those fields: SELECT * FROM customer WHERE username = ‘name' AND password = ‘pw' If a hacker enters a name of ’ OR 1=1 -- The SQL becomes: SELECT * FROM customer WHERE username = ‘’ OR 1=1 --' AND password = ‘pw‘ Which is always true, and returns all the records

14 HackThisSite

15 WebGoat Demo

16 Web App Vulnerability Scanner

17 Finding Vulnerable Web Apps with Google Inurl:SELECT%20FROM

18 Expensive Commercial Tools HP WebInspect and Security Toolkit Rational AppScan Cenzic Hailstorm

19 Highly rated commercial Web applicaion vulnerability scanner –Links Ch 11o, 11p

20 Other Web Vulnerabilities

21 Nikto

22 Tamper Data Demo Vulnerable Message Board

23 Acts like a proxy server You can see POST data and alter it This will defeat client-side validation

24 Cold Calls

Download ppt "HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC."

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
SecuBat: An Automated Web Vulnerability Detection Framework

SecuBat: An Automated Web Vulnerability Detection Framework
Webgoat.

Webgoat.
Cross-site Request Forgery (CSRF) Attacks

Cross-site Request Forgery (CSRF) Attacks
Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
Web Security Never, ever, trust user inputs Supankar.

Web Security Never, ever, trust user inputs Supankar.
Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.

Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.
© 2008 Security Compass inc. 1 Firefox Plug-ins for Application Penetration Testing Exploit-Me.

© 2008 Security Compass inc. 1 Firefox Plug-ins for Application Penetration Testing Exploit-Me.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.

Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.

Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
9/9/2005 Developing Secure Web Applications 1 Methods & Concepts for Developing “Secure” Web Applications Peter Y. Hammond, Developer Wasatch Front Regional.

9/9/2005 Developing "Secure" Web Applications 1 Methods & Concepts for Developing “Secure” Web Applications Peter Y. Hammond, Developer Wasatch Front Regional.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

Similar presentations

Ads by Google