Upload File

hands-on sql injection attack and defense winter ict educator conference jan. 3-4, 2013

  • Home
  • Documents
  • Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013
17
Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Upload: douglas-sparks

Post on 13-Jan-2016

213 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Hands-on SQL Injection Attack and Defense

Winter ICT Educator Conference

Jan. 3-4, 2013

Page 2: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Bio

Page 3: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

How Important is SQL Injection?

Page 4: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

• SQL injection continues to reign as hackers' most consistently productive technique for stealing massive dumps of sensitive information within corporate databases.

• In fact, according to analysis done by database security firm Imperva of breach events between 2005 and July of this year, 82 percent of lost data due to hacking was courtesy of SQL injection.

• http://www.darkreading.com/database-security/167901020/security/news/240006491/hacktivists-continue-to-own-systems-through-sql-injection.html

Page 5: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

• http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-to-sql-injection/

Page 6: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

• In 2008 SQL Injection became the leading method of malware distribution

• 16 percent of websites are vulnerable to SQL Injection

• http://jeremiahgrossman.blogspot.com/2009/02/sql-injection-eye-of-storm.html

Page 7: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013
Page 8: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Are You Vulnerable?

Page 9: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Example SQL Injection Vulnerability

Page 10: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013
Page 11: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013
Page 12: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013
Page 13: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

The Commands Used to Steal the Data

Page 14: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Data Breach

Page 15: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013
Page 16: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Hands-On SQL Injection Project

• http://samsclass.info/124/proj11/SQLi-MPICT.htm

Page 17: Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

Series of Projects


Preventing SQL Injection Attack Based on Machine … · Preventing SQL Injection Attack Based on Machine Learning *1Eun Hong Cheon, 1Zhongyue Huang, 2Yon Sik Lee 1Department of Computer

SQL Injection Attack Discovery and Defending Mechanism for

Web Application Penetration Testing Using SQL Injection Attack

SEED WORKSHOP · SQL Injection Attack CSRF Attack Shellshock Attack Day 2 (Software/Hardware Security) Software Security Basics Buffer-Overflow Attack Capture-the-Flag Race Condition

Detecting Electromagnetic Injection Attack on FPGAs Using

Command Injection/Shell Injection - Exploit · command injection or shell injection are attack variants which causes arbitrary execution of commands supplied by a malicious web attacker

Neutralizing SQL Injection Attack using Server Side Code

Hash Injection Attack E

Packet Injection Attack and Its Defense in Software …xgao1/paper/tifs18.pdfPacket Injection Attack and Its Defense in Software-Defined Networks Shuhua Deng , Xing Gao, Zebin Lu,

A Classification of SQL Injection Attack Techniques and

A Technique for Preventing SQL Injection Attack and ...sci.tamucc.edu/~cams/projects/533.pdf · 1.3 SQL Injection Attack SQL injection Attack (SQLIA) is one type of web application

An Introduction of SQL Injection, Buffer Overflow & Wireless Attack

SQL injection and SYN attack

Security against false data injection attack in cyber ...Security against false data injection attack in cyber-physical systems Arpan Chattopadhyay & Urbashi Mitra Abstract—In this

SQL Injection Attack Detection & Prevention over Cloud ... · SQL Injection Attack Detection & Prevention over Cloud Services . Niharika Singh Ajay Jangra Upasana Lakhina Rajat Sharma

Single Node Injection Attack against Graph Neural Networks

A Survey on False Data Injection Attack and Detection in ...dkundur/course_info/smart-grid-sec... · Class Presentation, ... A Survey on False Data Injection Attack and Detection

1 SQL INJECTION & COUNTERMEASURES. Outline Introduce SQL Injection SQL Injection Attack Types Prevention of SQL Injection Attack (Countermeasures) 2

SQL Injection Attack and User Behavior Detection by … · 2016-09-12 · SQL Injection Attack and User Behavior Detection by Using Query Tree, ... detect the SQL Injection attacks

Policy Injection: A Cloud Dataplane DoS Attack - Netlab › uploads › files › 1605dd3...Policy Injection: A Cloud Dataplane DoS Attack Levente Csikor, Christian Rothenberg, Dimitrios

SQL Injection · Agenda • Code injection vulnerability - untrusted input inserted into query or command −Attack string alters intended semantics of command −Ex: SQL Injection

LEARNING LIBRARY INJECTION ATTACK USING PYBRAIN …

ASP.net SQL Injection Attack

SQL Injection Attack and Defense_2

LLFI: Lateral Laser Fault Injection Attack

SQL Injection Attack - index-of.esindex-of.es/Attacks/SQL injection attacks/chapter 2.pdf · SQL Injection Attack damaged to cause serious losses to the business process that is dependent

SQL injection attack

CSCI 5234 Web Security Lab3 SQL Injection Attack

Network Attack Injection

SQL Injection Finalv1 - Virtual Security Operations Center · 2014-08-25 · POPULAR TYPES OF SQL INJECTION ATTACKS ... SQL Injection Attack: SQL Operator Detected SQL Injection Bypass/Probing

SQL Injection; Attack & Prevention

lec20-codeinjectiondefense · 2009. 4. 8. · Code Injection Essential Steps Attack Code Injection Control Flow Hijacking Attack Code Execution Non-Executable ... become useless

A Classification of SQL Injection Attack Techniques and Countermeasures · 2007-02-23 · A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond,

SQL Injection Attack - Syracuse University · 2006-09-27 · SQL Injection Attack Modus operandi... Sridhar.V.Iyer [email protected] Department of Computer & Informations Sciences Syracuse

Effective SQL injection attack reconstruction using ...dtpr.lib.athabascau.ca/action/download.php?filename=scis-07/open/... · EFFECTIVE SQL INJECTION ATTACK RECONSTRUCTION USING