ALL YOUR USERS ARE OUT TO GET YOU (Okay, not all, but enough)
SQL Injection Attacks Overview
Malicious users send input to forms that attempts to get more information than you intended or to alter the database in some way.
Possible impacts: Loss of sensitive data (UCLA), denial of service attacks, web page vandalism
An automated attack only needs a 1/10,000 chance of succeeding to be feasible.
Sounds difficult... right?
Not validating user input is one of the most common mistakes in programming in general – SQL injection attacks take advantage of this flaw. They're easy to do and easy to automate.
Prove it!
WebGoat is a fun demonstration of various web page security concerns. We're going to concentrate on SQL injection.
WebGoat is a Tomcat web server that's vulnerable to SQL injection attacks (among others). It's available at: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
WebGoat
Lesson: How to Perform Blind SQL Injection
Let's go through this lesson together.
Blind SQL Injection (1)
Blind SQL Injection (2)
Blind SQL Injection (3)
Is this app vulnerable? Yes! What's wrong with this response?
Blind SQL Injection (4)
What will the admin see?
Blind SQL Injection (5)
What if I want to get the userid associated with this account number?
Blind SQL Injection (6)
It would take a long time to try each number. But we don't need to.
Blind SQL Injection (7)
Blind SQL Injection (8)
A couple guesses later...
Blind SQL Injection (9)
But what about a different user? And can I find out more?
Blind SQL Injection (10)
Guessing some more...
'Joesph' has a userid of 15613 and an account number of 15613. 10 minutes of work for a human. Much less for an automated attacker.
But that's just information leakage.
Ask UCLA about how bad that can be. But even beyond that there's more we can do with just this attack.
The magic words? a' or '1'='1
(Magic words vary by application and database.)
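The two query shapes the deck plays with, side by side, as an added example (not WebGoat's code): a name lookup concatenated into SQL versus the same lookup with a bound parameter, and a numeric account check whose yes/no reply behaves as the true/false oracle of the blind lesson. The table, rows and column names are constructed for the example.

```python
import sqlite3

# Constructed stand-in for a WebGoat-style user table (sample rows, not the lesson's data).
SAMPLE_USERS = [
    (101, "Joe", "Snow", 1001),
    (102, "Larry", "Stooge", 1002),
    (103, "Moe", "Stooge", 1003),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_data "
                 "(userid INTEGER, first_name TEXT, last_name TEXT, account INTEGER)")
    conn.executemany("INSERT INTO user_data VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn

def lookup_vulnerable(conn, last_name):
    """String concatenation: whatever the form sends becomes part of the SQL statement."""
    sql = "SELECT userid, first_name FROM user_data WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, last_name):
    """Bound parameter: the driver passes the value as data, never as SQL text."""
    sql = "SELECT userid, first_name FROM user_data WHERE last_name = ?"
    return conn.execute(sql, (last_name,)).fetchall()

def account_valid_vulnerable(conn, account):
    """Numeric field concatenated unquoted: the yes/no reply becomes a true/false oracle."""
    return conn.execute("SELECT 1 FROM user_data WHERE account = " + account).fetchone() is not None

def account_valid_safe(conn, account):
    """Accept only a plain integer, then bind it; appended conditions never reach the database."""
    if not account.isdigit():
        return False
    row = conn.execute("SELECT 1 FROM user_data WHERE account = ?", (int(account),)).fetchone()
    return row is not None

MAGIC_WORDS = "a' or '1'='1"  # the deck's magic words; the closing quote comes from the query

def demo():
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, MAGIC_WORDS),  # every row comes back
        "safe": lookup_safe(conn, MAGIC_WORDS),              # nobody is literally named that
        # Same valid account, two appended conditions: the differing answers are the leak.
        "oracle_true": account_valid_vulnerable(conn, "1001 AND userid > 100"),
        "oracle_false": account_valid_vulnerable(conn, "1001 AND userid > 200"),
        "safe_rejects": account_valid_safe(conn, "1001 AND userid > 100"),
        "safe_accepts": account_valid_safe(conn, "1001"),
    }
```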
LAB: SQL Injection
Let's go through this lesson together.
LAB: SQL Injection (1)
LAB: SQL Injection (2)
LAB: SQL Injection (3)
Foiled by the limit set on the number of letters in the field. That's ok. We can get around that.
LAB: SQL Injection (4)
Larry isn't all that important. So what?
SQL Injection Attacks Conclusion
These are just two examples of SQL injection attacks. These attacks can accomplish anything SQL can do. Do you have a form that just spits back the results of a certain query? How about a form that accepts credit cards? What about a form that charges for things based on the price in the database?
Are your logs vulnerable to SQL injection attacks?
Defenses (A very abridged list.)
Check your logs regularly to see if any attempts have succeeded. Make sure they're able to record such attacks.
Practice good programming – validate user input and always filter out characters that aren't needed. (Will a name ever include a '%'?)
Limit the rights of the user that runs the queries for the web form to the minimum necessary.
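An added example (not from the deck) of the first two defenses in code: an allowlist check for a name field, and a scan of constructed access-log lines that URL-decodes each request and flags queries carrying SQL fragments like the deck's magic words. The allowlist policy, the patterns and the log lines are all constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Allowlist for a name field (hypothetical policy): letters, space, hyphen and apostrophe,
# so "O'Brien" passes but '%' and digits do not, as the slide's question suggests.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z '\-]{0,63}$")

def valid_name(value):
    return bool(NAME_RE.match(value))

# Fragments that rarely occur in legitimate form input; constructed for this example.
SUSPICIOUS = [
    re.compile(r"'\s*or\s*'", re.I),                        # ...' or '1'='1
    re.compile(r"\b(?:and|or)\b\s+[\w.]+\s*[<>=!]", re.I),  # 101 AND userid > 15000
    re.compile(r"\bunion\b\s+\bselect\b", re.I),
    re.compile(r"--|/\*|;\s*(?:drop|delete|update|insert)\b", re.I),
]

LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def scan_log(lines):
    """Return (line_no, status, decoded_path) for requests whose decoded query looks like SQL."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        decoded = unquote_plus(m.group(1))  # the server logs the encoded form; decode first
        if any(p.search(decoded) for p in SUSPICIOUS):
            hits.append((n, int(m.group(2)), decoded))
    return hits

# Constructed access-log lines in Apache common format (not from any real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Jun/2022:10:00:01 +0000] "GET /lookup?last_name=Stooge HTTP/1.1" 200 512',
    '10.0.0.5 - - [04/Jun/2022:10:00:04 +0000] "GET /lookup?last_name=O%27Brien HTTP/1.1" 200 498',
    '10.0.0.9 - - [04/Jun/2022:10:00:07 +0000] "GET /lookup?last_name=a%27+or+%271%27%3D%271 HTTP/1.1" 200 4096',
    '10.0.0.9 - - [04/Jun/2022:10:00:12 +0000] "GET /account?number=101+AND+userid%3E15000 HTTP/1.1" 200 128',
    '10.0.0.7 - - [04/Jun/2022:10:01:30 +0000] "POST /login HTTP/1.1" 302 0',
]
```

The POST /login line yields nothing because common-format access logs do not record form bodies; unless the application logs its parameters itself, attacks through POST forms are invisible to this check, which is the point of the slide's "make sure they're able to record such attacks".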
Rest of time
Go through more of the lessons in WebGoat.