attacks against database by: behnam hossein ami rnrn i { }
TRANSCRIPT
![Page 1: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/1.jpg)
Attacks Against
Databaseg
By:
Behnam
HosseinAmi
R
Ni{ }
![Page 2: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/2.jpg)
Top 10 Database Attacks1) Excessive Privilege Abuse 2) Legitimate Privilege Abuse 3) Privilege Elevation 4) Database Platform Vulnerabilities 5) SQL Injection 6) Weak Audit7) DOS8) Database Communication Protocol Vulnerabilities 9) Weak Authentication 10)Backup Data Exposure
}Privilege Attacks
![Page 3: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/3.jpg)
Privilege Attacks
1)Excessive Privilege Abuse University operator … Query-Level Access Control
2)Legitimate Privilege AbuseExport patient record Control volume of data retrieved
3)Privilege ElevationUse buffer overflow to become
admin IPS and Query-Level Access Control
![Page 4: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/4.jpg)
Mise
rab
le Pa
rt …
![Page 5: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/5.jpg)
4. Database Platform Vulnerabilities
Vulnerabilities in operating systems
0 Day AttacksUnpatched Systems
![Page 6: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/6.jpg)
Windows server 2008Year
# of Vulnerabilitie
s DoS
Code Executi
on Overfl
ow
Memory
Corruption
Sql Injecti
on XSS
Directory
Traversal
Http Respo
nse Splittin
g
Bypass something
Gain Information
Gain Privile
ges CSRF
File Inclusi
on
# of exploit
s
2007 1 1
2008 20 3 11 8 2 1 5 9
2009 78 8 47 16 15 1 2 13 1
2010 91 25 37 16 14 1 5 3 26 5
2011 105 18 17 11 10 4 3 2 66 2
2012 51 5 16 7 3 3 24
2013 104 18 23 24 7 1 2 2 66 5
2014 38 9 12 5 3 7 4 12 4
Total 488 86 164 87 51 5 1 21 17 212 26
% Of All 17.6 33.6 17.8 10.5 0.0 1.0 0.2 0.0 4.3 3.5 43.4 0.0 0.0
![Page 7: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/7.jpg)
Windows server 2008
![Page 8: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/8.jpg)
Year # of Vulnerabilities
DoS Code Execution
Overflow
Memory Corruptio
n
Sql Injection
XSS Directory
Traversal
Http Response Splitting
Bypass
something
Gain Information
Gain Privileges
CSRF File
Inclusion
# of exploits
2012 5 2 2 1 2
2013 51 12 17 18 3 1 2 2 21 4
2014 38 9 11 5 3 6 5 12 4
Total 94 21 30 25 6 1 9 7 35 8
% Of All 22.3 31.9 26.6 6.4 0.0 0.0 1.1 0.0 9.6 7.4 37.2 0.0 0.0
Windows server 2012
![Page 9: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/9.jpg)
Windows server 2012
![Page 10: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/10.jpg)
Year # of Vulnerabilities
DoS Code Execution
Overflow
Memory Corruptio
n
Sql Injection
XSS Directory
Traversal
Http Response Splitting
Bypass
somethin
g
Gain Information
Gain Privileges
CSRF File
Inclusion
# of exploits
2013
7 4 4 3 2 1
2014
38 8 13 5 4 5 5 12 4
Total 45 12 17 8 6 5 5 13 4
% Of All 26.7 37.8 17.8 13.3 0.0 0.0 0.0 0.0 11.1 11.1 28.9 0.0 0.0
Windows 8.1
![Page 11: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/11.jpg)
Windows 8.1
![Page 12: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/12.jpg)
SQL Server2005 sp3
Year # of Vulnerabilities
DoS Code Execution
Overflow
Memory Corruptio
n
Sql Injection
XSS Directory
Traversal
Http Response Splitting
Bypass
something
Gain Information
Gain Privileges
CSRF File
Inclusion
# of exploits
2009 8 8 6 3
2011 1 1
Total 9 8 6 3 1
% Of All 0.0 88.9 66.7 33.3 0.0 0.0 0.0 0.0 0.0 11.1 0.0 0.0 0.0
![Page 13: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/13.jpg)
SQL Server2005 sp3
![Page 14: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/14.jpg)
MySQL
Year # of
Vulnerabilities
DoS Code Execution Overflow
Memory Corruptio
n Sql
Injection XSS Directory Traversal
Http Response Splitting
Bypass something
Gain Informatio
n Gain
Privileges CSRF File Inclusion
# of exploits
2000 3 1 1
2001 6 1 2 3 1 3
2002 8 2 3 1 1
2003 5 1 2 2 1
2004 9 4 2 3 1
2005 11 3 4 1 1 1
2006 14 5 2 2 2 1 2 1
2007 10 4 1 1 1 3 2
2008 6 1 1 1 1 3
2009 7 4 1 1 1 2 1
2010 6 2 1 1 1 1
2011 16 16
2012 59 3 2 2 1 1
2013 43 1 2
2014 38 1 1 1
Total 241 47 23 20 1 4 1 3 10 4 9 4
% Of All 19.5 9.5 8.3 0.4 1.7 0.4 1.2 0.0 4.1 1.7 3.7 0.0 0.0
![Page 15: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/15.jpg)
MySQL
![Page 16: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/16.jpg)
Wappalyzer
![Page 17: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/17.jpg)
5. SQL Injection;--
![Page 18: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/18.jpg)
Pentest Monky.NETMSSQL Injection Cheat SheetOracle SQL Injection Cheat SheetMySQL SQL Injection Cheat Sheet…
![Page 19: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/19.jpg)
SQLmap a cool tool
![Page 20: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/20.jpg)
6. Weak Audit
• Problems of usual database audit tools– Lack of User Accountability – Performance Degradation– Separation of Duties
![Page 21: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/21.jpg)
7. DOS• Drawback of the “account locking” feature• DDOSControl in source
![Page 22: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/22.jpg)
DDOS Targets
![Page 23: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/23.jpg)
8. Database Communication Protocol Vulnerabilities
SQL is standardNo standard exists for:– Creating Client session– Conveying commands from client to server– Conveying data and status from server to client
![Page 24: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/24.jpg)
9. Weak Authentication
Brute Force Strong Authentication, Biometric,
… Integration Failed login Detection
Social EngineeringDirect Credential Theft
password complexity checkhttps://www.grc.com/haystack.htm
![Page 25: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/25.jpg)
10. Backup Data Exposure
![Page 26: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/26.jpg)
The best Solution for all problems…
![Page 27: Attacks Against Database By: Behnam Hossein Ami RNRN i { }](https://reader038.vdocument.in/reader038/viewer/2022102808/56649e715503460f94b6ef0d/html5/thumbnails/27.jpg)
GODMr. Ker@m@t Pour
& U
Special TNX to: