SQL Injection - PowerPoint PPT Presentation

Transcript and Presenter's Notes


1
SQL Injection
  • Are Your Web Applications Vulnerable?

A SPILABS Whitepaper
Presentation by Joe Combs 29 March 2006
2
Agenda
  • SQL Injection Defined
  • What Can Attackers Accomplish?
  • Solutions
  • A Surprising Example

3
What is SQL Injection?
  • Database layer vulnerability
  • Some characters have special meaning to the SQL
    engine
  • A query built by string concatenation:

        String myQuery = "SELECT credit_card_nbr "
                       + "FROM cust_acct "
                       + "WHERE cust_id = " + custIDVar;

  • What if custIDVar is passed something like this?

        drop table cust_acct--

4
Why SQL Injection?
  • Footprinting allows an attacker to systematically
    deduce the structure of your database through
    carefully crafted injections
  • Unauthorized data access
  • Execute arbitrary commands

5
Solutions
  • Security through obscurity is a first (weak) step:
      – use original (harder to guess) table and column
        names
      – name form fields differently from column names
      – use aliases for table names

6
Solutions
  • Strip risky characters from data passed in from
    outside.
  • Better yet - filter with a default-deny regular
    expression.
  • Stored procedures:
      – may hide some of the details of your database,
        but once an attacker has a successful injection
        they can leave you wide open - see xp_cmdshell
        in MS SQL Server.

7
Solutions
  • Limit the rights of the database user to prevent
    running of system stored procedures
  • Prepared queries - bind variables: the SQL text is
    fixed and the value is supplied separately

        String myQuery = "SELECT credit_card_nbr "
                       + "FROM cust_acct "
                       + "WHERE cust_id = :1";   // :1 is the bind-variable placeholder
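The three patterns the deck contrasts (the concatenated query from slide 3, the default-deny regular expression from slide 6, and the bound-variable query from this slide) side by side in runnable form. This is an added example, not code from the presentation or from SPI Labs; it uses Python's built-in sqlite3 module in place of the Java/JDBC code on the slides, the table and rows are constructed sample data modelled on the deck's cust_acct table, and the payload is built from the deck's own "drop table cust_acct--" input. The same validate-then-bind approach applies to any externally sourced value, including the doctored stock numbers on the RFID slide.

```python
import re
import sqlite3

# Constructed sample data, modelled on the cust_acct table used in the slides.
SAMPLE_ROWS = [(1, "4111-0000-0000-0001"), (2, "4111-0000-0000-0002")]

# Default-deny pattern for a customer id: the whole value must be 1-10 digits.
# Anything else (quotes, semicolons, comment markers, letters) is rejected.
CUST_ID_PATTERN = re.compile(r"[0-9]{1,10}")


def build_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cust_acct (cust_id INTEGER PRIMARY KEY, credit_card_nbr TEXT)"
    )
    conn.executemany("INSERT INTO cust_acct VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def table_exists(conn, name="cust_acct"):
    """True while the named table is still present in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def query_concatenated(conn, cust_id_var):
    """The slide-3 pattern: caller input pasted straight into the SQL text.

    executescript() is used because it behaves like the batch-capable drivers
    the deck has in mind: every statement in the string is executed, so a
    second statement smuggled in through cust_id_var runs as well.  Returns
    the SQL string that actually reached the engine, for inspection.
    """
    query = "SELECT credit_card_nbr FROM cust_acct WHERE cust_id = " + cust_id_var
    conn.executescript(query)
    return query


def query_prepared(conn, cust_id_var):
    """The slide-7 pattern: the SQL text is fixed and the value is bound.

    Whatever cust_id_var contains is compared as a value against cust_id;
    it can never change the shape of the statement.
    """
    cur = conn.execute(
        "SELECT credit_card_nbr FROM cust_acct WHERE cust_id = ?", (cust_id_var,)
    )
    return [row[0] for row in cur.fetchall()]


def is_valid_cust_id(cust_id_var):
    """Slide-6 default-deny filter: accept only values matching the whitelist."""
    return CUST_ID_PATTERN.fullmatch(cust_id_var) is not None


def safe_lookup(conn, cust_id_var):
    """Validate first, then query with a bound variable (both layers together)."""
    if not is_valid_cust_id(cust_id_var):
        raise ValueError("cust_id must be 1-10 digits, got %r" % (cust_id_var,))
    return query_prepared(conn, cust_id_var)


if __name__ == "__main__":
    # Constructed payload built from the deck's own example input.
    payload = "1; drop table cust_acct--"

    conn = build_db()
    print("prepared, benign id:   ", query_prepared(conn, "1"))
    print("prepared, payload:     ", query_prepared(conn, payload))
    print("table still present?   ", table_exists(conn))
    print("filter accepts payload?", is_valid_cust_id(payload))

    query_concatenated(conn, payload)
    print("after concatenation, table present?", table_exists(conn))
```

With the bound variable the payload is simply a value that matches no customer, so the query returns nothing and the table survives; the concatenated version hands the same string to the engine as two statements, and the table is gone afterwards. The regular expression is the outer layer: it rejects the payload before any query is built, which is the "white list data" advice from the conclusions slide.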

8
An Unexpected Twist
  • RFID!
  • Use of RFID increasingly common thanks to major
    push from corporations like Wal-Mart
  • RFID tag reports inventory lot number or some
    other relevant data - what if a devious person
    doctored a tag to include extra characters in
    that stock number?

9
Conclusions
  • Don't trust user-supplied data
  • Do more than scrub risky characters - use regular
    expressions to blacklist or, better yet, whitelist
    data
  • Be leery of stored procedures
  • Use prepared queries both to boost performance
    and to ensure query execution doesn't get hijacked

10
References
  • Stephen Kost, "An Introduction to SQL Injection
    Attacks for Oracle Developers",
    http://www.integrigy.com/info/IntegrigyIntrotoSQLInjectionAttacks.pdf,
    2004
  • Various authors, Wikipedia article "SQL injection",
    http://en.wikipedia.org/wiki/SQL_injection
  • Stuart McDonald, "SQL Injection: Modes of Attack,
    Defence, and Why It Matters",
    http://www.sans.org/rr/whitepapers/securecode/23.php,
    2002
  • Colin Angus Mackay, "SQL Injection Attacks and
    Some Tips on How to Prevent Them",
    http://www.codeproject.com/cs/database/SqlInjectionAttacks.asp?df100forumid146482exp0select1112305,
    2005
  • http://www.rfidvirus.org/