votd sql injection
play

VOTD: SQL Injection Engineering Secure Software Last Revised: - PowerPoint PPT Presentation

Oct 25, 2023 •287 likes •379 views

VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is SQL Injection? Manipulating query strings to execute code Injecting SQL commands into

  1. VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. What is SQL Injection? Manipulating query strings to execute code ● Injecting SQL commands into query strings ● CWE-89 ● SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. Example private static String auth(String user, String pwd, Connection conn) throws SQLException { ResultSet resultSet; resultSet = conn.createStatement().executeQuery( "SELECT * FROM Users WHERE Username='" + user + "' AND Password='" + pwd + "'"); // BAD ^^^^^^ BAD ^^^^^ if (resultSet.next()) // any rows? return "Authenticated!!"; else return "Not authenticated!!"; } SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. How Do You Do It? Line Comments: -- ● SELECT * FROM members WHERE username = ‘admin’--’ AND password = ‘password’ This can be used to bypass passwords and login as admin ○ Inline Comments: /* */ ● DROP ‘/*comment*/tablename’ This can be used to bypass blacklisting ○ And lots of other ways ● SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. Example Executing arbitrary OS commands ● SQL 9.3+ ○ Any user with the pg_execute_server_program role can ○ execute arbitrary OS commands ○ COPY cmd_exec FROM PROGRAM `cat /root/.ssh/id_rsa` ○ COPY cmd_exec FROM PROGRAM `echo ‘ben ALL=(ALL:ALL) ALL’ >> /etc/sudoers` User roles ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. Mitigations Prepared statements with binding variables ● Instead of: ○ SELECT Name, Salary FROM Employee WHERE Salary > *user_input*; Do: ○ String query = "SELECT Name, Salary FROM Employee WHERE Salary > ?"; PreparedStatement pstmt = conn.prepareStatement(query); pstmt.setInt(1, *user_input*); ResultSet rs = pstmt.executeQuery(); Escaping characters is a poor substitute (e.g. character sets) ● OO-relational mappers can mitigate some SQL injections, but ● they’re not foolproof SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. Notes Applicable to most programming languages that can execute ● SQL: Java, Ruby, PHP, etc. Not particularly hard to fix, you just have to know to fix it ● Some people will tell you that you need lots of tools to fix SQL ● injection -- that’s a lie, just use prepared statements History and consequences of SQL-Injection ● SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Source: https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. Source: https://xkcd.com/327/ SWEN-331: Engineering Secure Software Benjamin S Meyers 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020

VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020

VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is OS Command Injection Executing arbitrary commands on the host OS via a vulnerable

272 views • 8 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: "SELECT

445 views • 32 slides
5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring

5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring

5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring Term 2016 Berner Fachhochschule | Haute cole spcialise bernoise | Berne University of Applied Sciences 1 Table of Contents Injection in PHP

995 views • 73 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch: As a rule, proton/ion accelerators need their full aperture at injection, thus avoiding mismatch allows a beam of larger normalized emittance * and containing more Protons. In proton/ion ring accelerators any Injection

454 views • 4 slides
A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application into executing commands or code embedded in data Data and code mixing! Often injected into interpreters SQL, PHP, Python, JavaScript, LDAP,

377 views • 14 slides
INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

TECHNOLOGY APPLICATIONS FOR HYDRO ISOLATION AND REPAIR OF UNDERGROUND FACILITIES INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible mass of mineral origin, for both dry and wet surfaces solvent-free,

487 views • 21 slides
INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

TECHNOLOGY APPLICATIONS FOR HYDRO ISOLATION AND REPAIR OF UNDERGROUND FACILITIES INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible mass of mineral origin, for both dry and wet surfaces solvent-free,

466 views • 29 slides
VOTD: XSS & CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS & CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS & CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is XSS? XSS: Cross Site Scripting Injecting malicious scripts into a web page CWE-79

772 views • 12 slides
Injection Safety Every Provider s Responsibility Outline Safe Injection

Injection Safety Every Provider s Responsibility Outline Safe Injection

Injection Safety Every Provider s Responsibility Outline Safe Injection Practices The ONE and ONLY Campaign Outbreak History Mistaken Beliefs A Call to Action Resources and Information

591 views • 20 slides
Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry

Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry

Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry Presented by: Ken Schweitz, President and Doug Culbertson, VP Business Development of Premold Corp Section I. Advantages of RIM Economical

441 views • 29 slides
VOTD: Log Neutralization Engineering Secure Software Last Revised: September 2, 2020 SWEN-331:

VOTD: Log Neutralization Engineering Secure Software Last Revised: September 2, 2020 SWEN-331:

VOTD: Log Neutralization Engineering Secure Software Last Revised: September 2, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is Log Neutralization? If you allow newlines ( \n ) in your log entries, then attackers

260 views • 7 slides
C0 2 / Acid Gas Injection Well Injection Well Conversion Prepared for the 5 Th Well Bore

C0 2 / Acid Gas Injection Well Injection Well Conversion Prepared for the 5 Th Well Bore

C0 2 / Acid Gas Injection Well Injection Well Conversion Prepared for the 5 Th Well Bore Integrity Network Meeting. Calgary Alberta May 14, 2009 Agenda Wellbore integrity Well design with annular integrity Well design without

443 views • 22 slides
Underground Injection Control (UIC) Permitting, Testing and Monitoring Injection-Storage Permits

Underground Injection Control (UIC) Permitting, Testing and Monitoring Injection-Storage Permits

Underground Injection Control (UIC) Permitting, Testing and Monitoring Injection-Storage Permits Unit February, 2019 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First Master Slide) Session Overview Overview: UIC Online

1.01k views • 79 slides
Stage Fractional- N Injection-Locked PLL Using Soft Injection Dongsheng Yang, Wei Deng, Tomohiro

Stage Fractional- N Injection-Locked PLL Using Soft Injection Dongsheng Yang, Wei Deng, Tomohiro

1S-1 An Automatic Place-and-Routed Two- Stage Fractional- N Injection-Locked PLL Using Soft Injection Dongsheng Yang, Wei Deng, Tomohiro Ueno, Teerachot Siriburanon, Satoshi Kondo, Kenichi Okada, and Akira Matsuzawa Tokyo Institute of

423 views • 10 slides
NEVO sequential gas injection system New sequential gas injection system NEVO Answer for

NEVO sequential gas injection system New sequential gas injection system NEVO Answer for

NEVO sequential gas injection system New sequential gas injection system NEVO Answer for market expectations Modern cars Demanding users Workshop time saving KME trademark Major assumptions of NEVO system Simple Quick to

222 views • 21 slides
Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011

Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011

Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 Advanced Web Technology 10) XSS, CSRF and SQL Injection 1 Table of Contents Cross Site Request

659 views • 39 slides
SQL Injection: Summary Target: web server that uses a back-end database Attacker goal:

SQL Injection: Summary Target: web server that uses a back-end database Attacker goal:

SQL Injection: Summary Target: web server that uses a back-end database Attacker goal: inject or modify database commands to either read or alter web-site information Attacker tools: ability to send requests to web server (e.g.,

89 views • 4 slides
Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems

Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems

Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems Lab 4 Review Fastest crackers Jake Correa Achal Channarasappa Swathi Anand Peter Podniesinski Chanamon Ratanalert Review

472 views • 22 slides
SENIOR PHASE 2019-20 Bucksburn Expectations Returning to school will involve you agreeing

SENIOR PHASE 2019-20 Bucksburn Expectations Returning to school will involve you agreeing

SENIOR PHASE 2019-20 Bucksburn Expectations Returning to school will involve you agreeing to take on the responsibilities of becoming a Senior Student; being committed to learn, demonstrating responsibility , increasing in

532 views • 27 slides
Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th March 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

81 views • 7 slides
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Outline Web Application Security, Part I Brief introduction to HTML and Web applications (e.g., scripts) The

618 views • 38 slides
Overview/Questions Review: the Python tuple sequence. How does a custom application

Overview/Questions Review: the Python tuple sequence. How does a custom application

CS108 Lecture 21: The Python DBABPI Aaron Stevens 18 March 2009 1 Overview/Questions Review: the Python tuple sequence. How does a custom application program connect to a database? How are SQL queries formed using parameterized

724 views • 11 slides
Lecture 3.3: Solving differential equations with Fourier series Matthew Macauley Department of

Lecture 3.3: Solving differential equations with Fourier series Matthew Macauley Department of

Lecture 3.3: Solving differential equations with Fourier series Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4340, Advanced Engineering Mathematics M. Macauley (Clemson)

234 views • 4 slides

More recommend