Presentation is loading. Please wait.

Presentation is loading. Please wait.

07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez."— Presentation transcript:

1 07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez

2 07 December 2009Slide 2 of 9 Agenda 1. Overview of SQL Injection 2. Elaboration 3. Detection 4. Prevention 5. Wrap-up

3 07 December 2009Slide 3 of 9 Types of SQL Injection Three types ◦ In-band: same user interface i.e. webpage ◦ Out-of-band: different communications channel i.e. e-mail Inferential: can’t see the results of injection i.e. blind SQL injection ◦ Error Based – asking the database questions ◦ a‘ or ‘a’ = ‘a Answer may be returned as an error ◦ Union Based – combines the results of two SQL statements ◦ SELECT * from lastname UNION SELECT * from office Blind – asks the database true and false questions may not see specific results ◦ Interrupt or deduce results ◦ Game of 20 questions

4 07 December 2009Slide 4 of 9 SQL Injection Tools SQL Map* is a tool that aids in the fingerprinting of a backend database SQL Ninja* http://sqlninja.sourceforge.net/http://sqlninja.sourceforge.net/ ◦ Aids in the exploitation of SQL injection vulnerabilities can provide root level command access to system Automagic SQL Injector* ◦ Designed to work with generic installation of MS SQL  http://scoobygang.org/magicsql/ http://scoobygang.org/magicsql/ ◦ Videos on SQL injection can be found on the internet one great source  http://securitytube.net/ http://securitytube.net/ *Source: EC Council Certified Ethical Hacker Volume 3 Chapter 19

5 07 December 2009Slide 5 of 9 Google Hacking Use the Google search engine to identify information or web sites with poor security practices Advanced Operators aid the search Intitle: - restricts the search to text in the title of the page Ex. intitle: SQL allintitle: - similar to intitle operator, allows concatenation of key words in title search Ex. allintitle: SQL Password (is the same as intitle: SQL intitle: Password) inurl:, allinurl: - will search for keywords in the URL Ex. inurl: login.aspx site: - will narrow the search a specific site or domain like uccs.edu or.gov Ex. site:.uccs.edu filetype: - used to search for a specific file like doc, php,cgi, or aspx Ex. filetype:aspx (do not use dot operator to identify the file type, like.doc) intext: - will identify keywords in the text of the webpage Ex. intext: SQL Injection http://johnny.ihackstuff.com/ghdb/

6 07 December 2009Slide 6 of 9 Detection Application layer firewalls ◦ Inspects each packet, decides to pass or reject ◦ Easier to update firewall rules than update application program code Intrusion Detection System (IDS) ◦ Network-based, Systems-based, Host-based ◦ Compares packets to known signatures

7 07 December 2009Slide 7 of 9 Prevention Mitigate the risk Review web applications, program code, and back-end system design SQL queries should be parameterized or stored procedures Validate user input

8 07 December 2009Slide 8 of 9 Prevention continued Restrict privileges White lists and black lists

9 07 December 2009Slide 9 of 9 Wrap-up SQL Injection is increasing in prevalence Not possible to absolutely defend against all possible attacks Risk of attack can be reduced: ◦ Maintain firewalls, intrusion detection / prevention systems ◦ Manage access to queries through parameterization and stored procedures ◦ Always validate user input ◦ Restrict accounts ◦ Use whitelists and blacklists.

Download ppt "07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez."

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
Becoming a search ninja.. First. Know your enemy.

Becoming a search ninja.. First. Know your enemy.
Revealing the Secrets: Source Code Disclosure, Techniques, and Impacts.

Revealing the Secrets: Source Code Disclosure, Techniques, and Impacts.
Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.

Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.
How Did I Steal Your Database Mostafa

How Did I Steal Your Database Mostafa
Google Search Using internet search engine as a tool to find information related to creativity & innovation.

Google Search Using internet search engine as a tool to find information related to creativity & innovation.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.
Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)

Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)
IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.

IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.
Searching The Web Search Engines are computer programs (variously called robots, crawlers, spiders, worms) that automatically visit Web sites and, starting.

Searching The Web Search Engines are computer programs (variously called robots, crawlers, spiders, worms) that automatically visit Web sites and, starting.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.

Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.
8/2/2007 Google Search Tips: Advanced Features By Robin Hartman, Associate Librarian Darling Library – Hope International University Adapted from “A Google.

8/2/2007 Google Search Tips: Advanced Features By Robin Hartman, Associate Librarian Darling Library – Hope International University Adapted from “A Google.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.
Www.TASK.to GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.

GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.

Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.

Similar presentations

Ads by Google