SlideShare a Scribd company logo

Sql Injection - Vulnerability and Security

Sandip Chaudhari
Sandip Chaudhari

What is SQL Injection? Why does this problem exist? How it can be exploited? How to secure your app against this vulnerability?

1 of 42
Downloaded 394 times
SQL  Injec*on   Vulnerability  and  Security     -­‐  Sandip  Chaudhari   [    ]  
Welcome   •  Our  first  meet   •  It’s  got  be  special!   •  Who  likes  geEng  injected?   •  Guests?  Welcome   •  Join,  voice-­‐in   •  AEtude!  
Dualism   •  We  got  2  hours  today   •  We  got  to  have  2  introduc*ons  –  Me  &  You   •  We  got  to  look  into  Vulnerability  and  Security   •  Binary  -­‐  It’s  all  about  0  and  1   •  Today’s  date  is  25!   •  We  are  doomed!  We  didn’t  do  this  event  at         2  PM!     •  Just  kidding…  
2  Introduc*ons  –  Too  much  about  me   •  13+  years  experience  in  SoZware  and  Informa*on  Security  Industry   •  6+  years  worked  as  a  Professional  SoZware  Security  Analyst  and  Secure  Code   Auditor   •  100+  in-­‐house  vulnerabili*es  discovered  and  reported   •  Presented  Security  Research  Paper  at  various  security  conferences  around  the   globe  including  New  York,  USA,  Luxembourg,  Luxembourg,  Tokyo,  Japan,   Bangalore,  India   •  Undertook  mul*ple  responsibili*es  in  various  roles  like  –  Security  Analyst,   Applica*on  Developer,  Project  Manager,  SoZware  Applica*on  Architect,   Informa*on  Security  Researcher,  CTO   •  Proud  to  have  worked  along  with,  and  be  part  of  group  that  included  –  Dino  Dai   Zovi,  Shane  Macaulay,  Adam  Green,  Jonathan  Leonard  and  Jeremy  Jethro   •  Huh!  Who  cares…  
Castle  with  many  doors!   •  Which  door  was  leZ   open?   •  But  text  input  is  a  valid   entry  at  mul*ple  doors!   •  It’s  all  about  entry   though…   •  So  what  causes  SQL   injec*on?    
Entry,  entry,  entry!   •  SQL  is  used  to  save  /  read  /  delete  /  update   data  into  the  database   •  SQL  is  THE  language  that  is  most  commonly   used  by  applica*ons,  to  talk  to  the  database   •  But  SQL  exists  only  in  the  developer’s  /   implementer’s  world     •  End-­‐user  should  never  have  to  bother  about   SQL  to  store/access  her/his  name  or  to  login   •  Hmm,  maybe  true.  But  what  if  …  ?  
But  what  if  …  ?   •  End  user  directly  provides  SQL  at  the  client   (view)  end?   •  That  SQL  code  might  travel  all  the  way  via   client-­‐end,  network,  webserver,  applica*on   layers,  to  the  database   •  What  happens  when  it  reaches  the  database?   •  Does  database  know  or  really  care,  who  or   which  end  point  provided  SQL?  
What  is  really  going  on?  
SQL  Injec*on   •  Wikipedia  –  SQL  injec*on  is  a  code  injec*on   technique  that  exploits  a  security  vulnerability  in   an  applica*on’s  soZware   •  Database  is  doing  it’s  job.  It’s  developer’s   responsibility!  Aaaaaargh….!!!   •  Hacker  injects  her/his  secret,  malicious  code,  via   a  valid  input  field.  That  input  travels  as  a  valid   entry,  through  a  provided  open  door,  all  the  way   to  the  database  –  Brilliant     •  It’s  aZer  reaching  the  database,  poison  of  the   malicious  code  starts  ac*ng!  
SQL  Injec*on  2012  Stats   •  Wikipedia  –  In  opera*onal  environments,   applica*ons  experience  an  average  of  71  SQL   injec*on  alempts  an  hour   •  Barclays:  97%  of  data  breaches  s*ll  due  to  SQL   Injec*on   •  Firehost  (July  2012):  SQL  Injec*on  alacks  up   by  69%.  From  277,770  in  Q1  2012  to  469,983   in  Q2  2012  
SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/   DDOS  Egypt   Govt  -­‐  OpEgypt   OpKashmir   Hack*vism   -­‐  OpBankUnderAlack  
SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
WHAT?  That  data  was  never  supposed   to  be  shared!  
It’s  all  about  parsing,  interpre*ng,   processing  
SQL  Parser  –  Simplis*c  View   •  Imagine  that  SQL  Parser  simply  extracts  and   separates  -­‐  DB  opera*on  instruc*ons  and  data   elements   •  Example  –  username=‘alice’  has  alice  as  data   element,  separated  by  quote  (‘)   •  Thus  parser  uses  some  delimiters’  help  to   separate  data  from  instruc*ons  
Again,  SQL  Injec*on   •  SQL  Injec*on  =  <instruc*ons  [+  data]>  reaching   database,  injected  at  a  point  where  applica*on   only  expects  data   •  Always,  there  is  an  input  (entry)  to  start  it  all!   •  Then  there  is  some  processing  on  that  input   •  Processing  almost  always  entails  certain   expecta*ons  of  what  the  input  maybe   •  When  an  input  expecta2on  overlaps  trust,  a   vulnerability  is  born   •  Hackers  manipulate  trust  &  exploit  vulnerability  
SQL  Injec*on   Alack  Vector   Classifica*on     Source:  Wikipedia  
Why  bother  about  SQL  Injec*on?   •  Credit  card  informa*on   •  Usernames,  Passwords   •  Sensi*ve  Informa*on  –   medical  records   •  Spoof  iden*ty   •  Tampering  with  data   •  Repudia*on  issues   •  Reveal  DB  structure   •  Operate  as  Admin   •  Delete  en*re  DB   •  Execute  system  commands   •  Elevate  privileges  and   compromise  the  whole   system  
SQL  Injec*on  -­‐  Basics   •  $sql  =  “SELECT  *  FROM  Users  where  firstName   =  ‘”  .  $firstName  .”’”;   •  User  provides:  ‘  or  ‘1’=‘1   •  SQL  String:  “SELECT  *  FROM  Users  where   firstName  =  ‘’  or  ‘1’=‘1’”   •  Few  Others  (source:  Wikipedia)   ‘  or  ‘1’=‘1’  –  ‘   ‘  or  ‘1’=‘1’  ({  ‘   ‘  or  ‘1’=‘1’  /*  ‘  
SQL  Injec*on  Type  –  Tautology   Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology   •  Alack  Intent:   – By  pass  authen*ca*on,  Iden*fy  injectable   parameters,  extract  data   •  General  inten*on  is  to  submit  a  query  that  will   always  return  true   ‘  or  1=1    :    is  a  tautology   •  All  rows  are  targeted   •  To  be  successful,  hacker  must  be  aware  of   the  query  structure  
SQL  Injec*on  Type  –  Illegal  /  Illogical  Queries   Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology   •  Alack  Intent   – Iden*fy  injectable  parameters,  Iden*fy  DB,  extract   data   •  Gather  informa*on  about  backend  of  web   applica*on   •  Error  messages  are  overly  descrip*ve.  DB   informa*on  is  thus  revealed   •  Example  –  5a  is  provided  in  field  where  data  is   expected  
•  Alack  Intent:   – Bypass  authen*ca*on,  data  extrac*on   •  Inclusion  of  a  union  statement  and  extrac*on   of  data   •  Example  –  10  UNION  SELECT  password  FROM   users  WHERE  1=1  or  2=2  provided  where  id  is   expected   •  Requires  knowledge  of  DB  schema   SQL  Injec*on  Type  –  Union  Query     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
•  Alack  Intent:   – Data  extrac*on,  data  modifica*on,  remote   command  execu*on,  DoS   •  First  query  is  valid  and  runs  normally  but   when  delimiter  is  recognized,  DB  executes   second  and  further  queries   •  Example  –  bingo’;  UPDATE  users  SET   email=‘hacker@hush.com  provided  where   name  is  expected   SQL  Injec*on  Type  –  Piggy-­‐backed  Queries     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
•  Alack  Intent   – Privilege  escala*on,  DoS,  Remote  Command   Execu*on   •  DBs  may  come  with  in-­‐built  stored-­‐ procedures,  that  alacker  can  use   •  Procedures  maybe  in  other  languages  opening   newer  alack  avenues   •  Example  –  1;  EXEC  master..xp_cmdshell  ‘dir   *.exe’  where  an  id  is  expected   SQL  Injec*on  Type  –  Stored  Procedure     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
•  Alack  Intent:   – Iden*fy  vulnerable  parameters,  iden*fy  schema,   data  extrac*on   •  Alack  against  beler  secured  databases,   hiding  descrip*ve  errors   •  TRUE  /  FALSE  type  based  on  web  page  /   returned  data  behavior   •  Example  –  1  AND  1=1  and  1  AND  1=2   SQL  Injec*on  Type  –  Blind  Injec*on     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
•  Alack  Intent:   –  Iden*fy  vulnerable  parameters,  iden*fy  schema,  data   extrac*on   •  Gather  informa*on  based  on  *me  delays  in  the   response   •  Example   –  Bingo’  wai_or  delay  ‘00:00:10’  –  delays  response  by   10  secs  if  vulnerable   –  If  first  lecer  of  db  name  is  an  ‘a’  wait  10  secs  or  if  it  is   ‘b’  wait  20  secs…     SQL  Injec*on  Type  –  Time  Based  Injec*on     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
•  Alack  Intent:   – Evade  detec*on   •  Injec*on  commands  are  encoded  in  various   formats   •  Example  -­‐  %3c%74%69%74%6c%3e%2e%2f %20%72  is  URL  encoded,  decodes  to  <2tle>./  r   is  part  of  Red-­‐X  alack  signature   •  Double  encoding  simply  involves  re-­‐encoding   the  %  symbol  to  %25   SQL  Injec*on  Type  –  Alternate  Encodings     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
SQL  Injec*on  Type  –  Second  Order   Injec*on     •  Alack  Intent:   –  Data  manipula*on,  Remote  Command  Execu*on   •  Frequency  based  Primary  Applica*on  –  Applica*on   that  re-­‐present  processed  data  of  Primary  Applica*on   •  Frequency  based  Secondary  Applica*on  –  Secondary   applica*on  processes  submission  of  Primary   applica*on   •  Secondary  Support  Applica*on  –  Secondary  applica*on   that  is  usually  internal  support  group  for  the  Primary   applica*on   •  Cascaded  Submission  –  Submiled  data  is  stored  and   re-­‐used  further  in  queries  
Security   May  the  Force  be   with  you!  
Security   •  Ability  to  wear  Black  Hat   •  Think  like  one!   •  Go  one  step  beyond…   •  It’s  more  fun   •  The  Right  ATTITUDE  
Security  –  Prepared  Statements   •  No  processing  of  input   •  Input  is  just  data   •  SQL  instruc*on  template  is  pre-­‐compiled   •  All  input  is  simply  treated  as  data   •  No  processing,  no  interpreta*on,  no  overlap  of   expecta*on  on  trust   •  Hence,  no  vulnerability!   •  Best  Op*on   •  Moms,  name  your  kids  whatever…!  
Security  –  Stored  Procedures   •  As  good  as  Prepared  Statements    if   implemented  safely   •  Stored  Procedures  allow  dynamic  SQL   statements   •  If  dynamic  SQL  statements  are  used  inside   stored  procedures,  security  is  lost   •  Not  the  best  op*on  
Security  –  Escape  User  Input   •  Some*mes  it  just  has  to  be  plain  SQL!   •  Escape  all  user  input  before  execu*on  of  the   dynamic  SQL   •  Think  mul*ple  *mes  before  you  go  for  this   op*on   •  If  you  do,  re-­‐review  mul*ple  *mes  to  ensure   no  vulnerability   •  Should  be  the  Last  Op*on  
Last  Week  -­‐  Red-­‐X  –  3xpir3  Cyber  Army   Targets:     SQL  Injec*on   Vulnerabili*es  in   CMS  Apps  like   Wordpress,  Joomla,   OsDate  
Red-­‐X   •  Some  signatures:   –  red  X   –  3xp1r3   –  Cyber  Army   –  Bangladeshi  Hacker   –  The  Real  Outrageous   –  media.somewhereinblog.net/images/ondhokarer_rajputra_1353552651_1-­‐red-­‐x.jpg   –  Dear  ADMIN<br/>!  Secure  your  SITE  !   –  ..::|  Greetz  |::..   –  red-­‐x@hackermail.com   –  .::  x3o-­‐1337  |  Gabby  |  $p!r!t~$33k3r  |  FrEaKy  ::.   –  All  Members  of  3xp1r3  Cyber  Army   –  PL3E6316C123CFC160   –  %3c%74%69%74%6c%65%3e%2e%2f%20%72   –  hacked  by  Cimy   •  Simple  scanner  script:   hlp://ec2-­‐54-­‐251-­‐11-­‐172.ap-­‐southeast-­‐1.compute.amazonaws.com/scans/  
2  Introduc*ons  –  Lot  more  about  You   •  Rebels?   •  Tinkering?   •  Go  beyond  programming   •  Alack  alacker’s  alack   •  AEtude!  Malers.  But  beware  of  the  Dark  Side  
Courtesies  &  Disclaimer   •  Many  of  the  images  used  in  this  presenta*on   are  NOT  the  genius  crea*ons  of  my  own   •  I  Google’d  ‘em  and  all  the  credits  go  to  the   original  ar*sts   •  If  there  are  any  images  of  my  own  that  I  have   added  in  this  presenta*on,  you  are  more  than   welcome  to  freely  use  them  
Ques*ons  ???   •  What  you  want  to  ask,  many  already  have  that   same  ques*on  on  their  mind.  Be  bold  and  lead   •  OK,  If  you  don’t  want  to  speak  and  keep  shut   and  keep  thinking  about  it  in  your  mind  and   take  those  ques*ons  home,  make  sure  you   email’em  to  me  and  sleep  well  at  night!  
I  have  some  for  y’all   •  Do  you  like  to  watch  –  Matrix,  Star  Wars,  Star  Trek,   Hitchhiker's  Guide  to  the  Galaxy,  ...  Sci-­‐Fi?   •  Would  you  like  to  play  Capture  The  Flag  using  SQL   Injec*on?   •  What  should  be  our  topic  for  the  next  meet?   •  I  hate  to  ask  but,  how  can  we  make  this  beler?   •  Again,  so  do  you  s*ll  like  geEng  injected?   •  I  know,  we  the  elite,  genius  group,  who  like  to  rot   before  idiot  box  are  ‘especially’  afraid  of  injec*ons!   •  Are  you  convinced  by  now?  Of  course,  you  already   hate  injec*ons!  
Ad

Recommended

Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Sql injection
Sql injectionSql injection
Sql injection
Pallavi Biswas
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Asish Kumar Rath
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to android
zeelpatel0504
 
Class and object in C++
Class and object in C++Class and object in C++
Class and object in C++
rprajat007
 
XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricks
GarethHeyes
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
n|u - The Open Security Community
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITIS
Null Bhubaneswar
 
Web application security
Web application securityWeb application security
Web application security
Kapil Sharma
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
Respa Peter
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Ad

More Related Content

What's hot (20)

SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
n|u - The Open Security Community
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITIS
Null Bhubaneswar
 
Web application security
Web application securityWeb application security
Web application security
Kapil Sharma
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
n|u - The Open Security Community
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITIS
Null Bhubaneswar
 
Web application security
Web application securityWeb application security
Web application security
Kapil Sharma
 

Viewers also liked (10)

Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
Respa Peter
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Marios Siganos
 
Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection Tutorial
Magno Logan
 
Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...
Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...
Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...
Ulfah Hanum
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)
Bernardo Damele A. G.
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
Bernardo Damele A. G.
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
Respa Peter
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Marios Siganos
 
Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection Tutorial
Magno Logan
 
Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...
Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...
Kepmenkes 159 2014 perubahan atas keputusan menteri kesehatan nomor 328-menk...
Ulfah Hanum
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)
Bernardo Damele A. G.
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
Bernardo Damele A. G.
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Ad

Similar to Sql Injection - Vulnerability and Security (20)

Website Hacking and Preventive Measures
Website Hacking and Preventive MeasuresWebsite Hacking and Preventive Measures
Website Hacking and Preventive Measures
Shubham Takode
 
Oracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOracle database threats - LAOUC Webinar
Oracle database threats - LAOUC Webinar
Osama Mustafa
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security RisksOWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
All Things Open
 
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksOWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacks
Mohamed Talaat
 
Security testing
Security testingSecurity testing
Security testing
Tabăra de Testare
 
Web & Wireless Hacking
Web & Wireless HackingWeb & Wireless Hacking
Web & Wireless Hacking
Don Anto
 
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Michael Pirnat
 
Secure pl-sql-coding
Secure pl-sql-codingSecure pl-sql-coding
Secure pl-sql-coding
Trần Bình Hậu
 
How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a Database
John Ashmead
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
SQL Injection Stegnography in Pen Testing
SQL Injection Stegnography in Pen TestingSQL Injection Stegnography in Pen Testing
SQL Injection Stegnography in Pen Testing
191013607gouthamsric
 
Web security
Web securityWeb security
Web security
dogangcr
 
SQL Injection Attack Guide for ethical hacking
SQL Injection Attack Guide for ethical hackingSQL Injection Attack Guide for ethical hacking
SQL Injection Attack Guide for ethical hacking
Ayan Live Rourkela
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)security
iphonepentest
 
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc groupNtxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
North Texas Chapter of the ISSA
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptxcgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
prasadGade6
 
Sql injection
Sql injectionSql injection
Sql injection
The Avi Sharma
 
SQL Injection and DoS
SQL Injection and DoSSQL Injection and DoS
SQL Injection and DoS
Emil Tan
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
Madhu Akula
 
Website Hacking and Preventive Measures
Website Hacking and Preventive MeasuresWebsite Hacking and Preventive Measures
Website Hacking and Preventive Measures
Shubham Takode
 
Oracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOracle database threats - LAOUC Webinar
Oracle database threats - LAOUC Webinar
Osama Mustafa
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security RisksOWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
All Things Open
 
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksOWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacks
Mohamed Talaat
 
Security testing
Security testingSecurity testing
Security testing
Tabăra de Testare
 
Web & Wireless Hacking
Web & Wireless HackingWeb & Wireless Hacking
Web & Wireless Hacking
Don Anto
 
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Michael Pirnat
 
Secure pl-sql-coding
Secure pl-sql-codingSecure pl-sql-coding
Secure pl-sql-coding
Trần Bình Hậu
 
How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a Database
John Ashmead
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
SQL Injection Stegnography in Pen Testing
SQL Injection Stegnography in Pen TestingSQL Injection Stegnography in Pen Testing
SQL Injection Stegnography in Pen Testing
191013607gouthamsric
 
Web security
Web securityWeb security
Web security
dogangcr
 
SQL Injection Attack Guide for ethical hacking
SQL Injection Attack Guide for ethical hackingSQL Injection Attack Guide for ethical hacking
SQL Injection Attack Guide for ethical hacking
Ayan Live Rourkela
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)security
iphonepentest
 
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc groupNtxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
North Texas Chapter of the ISSA
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptxcgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
prasadGade6
 
Sql injection
Sql injectionSql injection
Sql injection
The Avi Sharma
 
SQL Injection and DoS
SQL Injection and DoSSQL Injection and DoS
SQL Injection and DoS
Emil Tan
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
Madhu Akula
 
Ad

Recently uploaded (20)

Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 

Sql Injection - Vulnerability and Security

  • 1. SQL  Injec*on   Vulnerability  and  Security     -­‐  Sandip  Chaudhari   [    ]  
  • 2. Welcome   •  Our  first  meet   •  It’s  got  be  special!   •  Who  likes  geEng  injected?   •  Guests?  Welcome   •  Join,  voice-­‐in   •  AEtude!  
  • 3. Dualism   •  We  got  2  hours  today   •  We  got  to  have  2  introduc*ons  –  Me  &  You   •  We  got  to  look  into  Vulnerability  and  Security   •  Binary  -­‐  It’s  all  about  0  and  1   •  Today’s  date  is  25!   •  We  are  doomed!  We  didn’t  do  this  event  at         2  PM!     •  Just  kidding…  
  • 4. 2  Introduc*ons  –  Too  much  about  me   •  13+  years  experience  in  SoZware  and  Informa*on  Security  Industry   •  6+  years  worked  as  a  Professional  SoZware  Security  Analyst  and  Secure  Code   Auditor   •  100+  in-­‐house  vulnerabili*es  discovered  and  reported   •  Presented  Security  Research  Paper  at  various  security  conferences  around  the   globe  including  New  York,  USA,  Luxembourg,  Luxembourg,  Tokyo,  Japan,   Bangalore,  India   •  Undertook  mul*ple  responsibili*es  in  various  roles  like  –  Security  Analyst,   Applica*on  Developer,  Project  Manager,  SoZware  Applica*on  Architect,   Informa*on  Security  Researcher,  CTO   •  Proud  to  have  worked  along  with,  and  be  part  of  group  that  included  –  Dino  Dai   Zovi,  Shane  Macaulay,  Adam  Green,  Jonathan  Leonard  and  Jeremy  Jethro   •  Huh!  Who  cares…  
  • 5. Castle  with  many  doors!   •  Which  door  was  leZ   open?   •  But  text  input  is  a  valid   entry  at  mul*ple  doors!   •  It’s  all  about  entry   though…   •  So  what  causes  SQL   injec*on?    
  • 6. Entry,  entry,  entry!   •  SQL  is  used  to  save  /  read  /  delete  /  update   data  into  the  database   •  SQL  is  THE  language  that  is  most  commonly   used  by  applica*ons,  to  talk  to  the  database   •  But  SQL  exists  only  in  the  developer’s  /   implementer’s  world     •  End-­‐user  should  never  have  to  bother  about   SQL  to  store/access  her/his  name  or  to  login   •  Hmm,  maybe  true.  But  what  if  …  ?  
  • 7. But  what  if  …  ?   •  End  user  directly  provides  SQL  at  the  client   (view)  end?   •  That  SQL  code  might  travel  all  the  way  via   client-­‐end,  network,  webserver,  applica*on   layers,  to  the  database   •  What  happens  when  it  reaches  the  database?   •  Does  database  know  or  really  care,  who  or   which  end  point  provided  SQL?  
  • 8. What  is  really  going  on?  
  • 9. SQL  Injec*on   •  Wikipedia  –  SQL  injec*on  is  a  code  injec*on   technique  that  exploits  a  security  vulnerability  in   an  applica*on’s  soZware   •  Database  is  doing  it’s  job.  It’s  developer’s   responsibility!  Aaaaaargh….!!!   •  Hacker  injects  her/his  secret,  malicious  code,  via   a  valid  input  field.  That  input  travels  as  a  valid   entry,  through  a  provided  open  door,  all  the  way   to  the  database  –  Brilliant     •  It’s  aZer  reaching  the  database,  poison  of  the   malicious  code  starts  ac*ng!  
  • 10. SQL  Injec*on  2012  Stats   •  Wikipedia  –  In  opera*onal  environments,   applica*ons  experience  an  average  of  71  SQL   injec*on  alempts  an  hour   •  Barclays:  97%  of  data  breaches  s*ll  due  to  SQL   Injec*on   •  Firehost  (July  2012):  SQL  Injec*on  alacks  up   by  69%.  From  277,770  in  Q1  2012  to  469,983   in  Q2  2012  
  • 11. SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/   DDOS  Egypt   Govt  -­‐  OpEgypt   OpKashmir   Hack*vism   -­‐  OpBankUnderAlack  
  • 12. SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
  • 13. SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
  • 14. SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
  • 15. SQL  Injec*on  Feb  2013  Stats  hlp://hackmageddon.com/2013/02/22/1-­‐15-­‐february-­‐2013-­‐cyber-­‐alacks-­‐sta*s*cs/  
  • 16. WHAT?  That  data  was  never  supposed   to  be  shared!  
  • 17. It’s  all  about  parsing,  interpre*ng,   processing  
  • 18. SQL  Parser  –  Simplis*c  View   •  Imagine  that  SQL  Parser  simply  extracts  and   separates  -­‐  DB  opera*on  instruc*ons  and  data   elements   •  Example  –  username=‘alice’  has  alice  as  data   element,  separated  by  quote  (‘)   •  Thus  parser  uses  some  delimiters’  help  to   separate  data  from  instruc*ons  
  • 19. Again,  SQL  Injec*on   •  SQL  Injec*on  =  <instruc*ons  [+  data]>  reaching   database,  injected  at  a  point  where  applica*on   only  expects  data   •  Always,  there  is  an  input  (entry)  to  start  it  all!   •  Then  there  is  some  processing  on  that  input   •  Processing  almost  always  entails  certain   expecta*ons  of  what  the  input  maybe   •  When  an  input  expecta2on  overlaps  trust,  a   vulnerability  is  born   •  Hackers  manipulate  trust  &  exploit  vulnerability  
  • 20. SQL  Injec*on   Alack  Vector   Classifica*on     Source:  Wikipedia  
  • 21. Why  bother  about  SQL  Injec*on?   •  Credit  card  informa*on   •  Usernames,  Passwords   •  Sensi*ve  Informa*on  –   medical  records   •  Spoof  iden*ty   •  Tampering  with  data   •  Repudia*on  issues   •  Reveal  DB  structure   •  Operate  as  Admin   •  Delete  en*re  DB   •  Execute  system  commands   •  Elevate  privileges  and   compromise  the  whole   system  
  • 22. SQL  Injec*on  -­‐  Basics   •  $sql  =  “SELECT  *  FROM  Users  where  firstName   =  ‘”  .  $firstName  .”’”;   •  User  provides:  ‘  or  ‘1’=‘1   •  SQL  String:  “SELECT  *  FROM  Users  where   firstName  =  ‘’  or  ‘1’=‘1’”   •  Few  Others  (source:  Wikipedia)   ‘  or  ‘1’=‘1’  –  ‘   ‘  or  ‘1’=‘1’  ({  ‘   ‘  or  ‘1’=‘1’  /*  ‘  
  • 23. SQL  Injec*on  Type  –  Tautology   Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology   •  Alack  Intent:   – By  pass  authen*ca*on,  Iden*fy  injectable   parameters,  extract  data   •  General  inten*on  is  to  submit  a  query  that  will   always  return  true   ‘  or  1=1    :    is  a  tautology   •  All  rows  are  targeted   •  To  be  successful,  hacker  must  be  aware  of   the  query  structure  
  • 24. SQL  Injec*on  Type  –  Illegal  /  Illogical  Queries   Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology   •  Alack  Intent   – Iden*fy  injectable  parameters,  Iden*fy  DB,  extract   data   •  Gather  informa*on  about  backend  of  web   applica*on   •  Error  messages  are  overly  descrip*ve.  DB   informa*on  is  thus  revealed   •  Example  –  5a  is  provided  in  field  where  data  is   expected  
  • 25. •  Alack  Intent:   – Bypass  authen*ca*on,  data  extrac*on   •  Inclusion  of  a  union  statement  and  extrac*on   of  data   •  Example  –  10  UNION  SELECT  password  FROM   users  WHERE  1=1  or  2=2  provided  where  id  is   expected   •  Requires  knowledge  of  DB  schema   SQL  Injec*on  Type  –  Union  Query     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
  • 26. •  Alack  Intent:   – Data  extrac*on,  data  modifica*on,  remote   command  execu*on,  DoS   •  First  query  is  valid  and  runs  normally  but   when  delimiter  is  recognized,  DB  executes   second  and  further  queries   •  Example  –  bingo’;  UPDATE  users  SET   email=‘[email protected]  provided  where   name  is  expected   SQL  Injec*on  Type  –  Piggy-­‐backed  Queries     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
  • 27. •  Alack  Intent   – Privilege  escala*on,  DoS,  Remote  Command   Execu*on   •  DBs  may  come  with  in-­‐built  stored-­‐ procedures,  that  alacker  can  use   •  Procedures  maybe  in  other  languages  opening   newer  alack  avenues   •  Example  –  1;  EXEC  master..xp_cmdshell  ‘dir   *.exe’  where  an  id  is  expected   SQL  Injec*on  Type  –  Stored  Procedure     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
  • 28. •  Alack  Intent:   – Iden*fy  vulnerable  parameters,  iden*fy  schema,   data  extrac*on   •  Alack  against  beler  secured  databases,   hiding  descrip*ve  errors   •  TRUE  /  FALSE  type  based  on  web  page  /   returned  data  behavior   •  Example  –  1  AND  1=1  and  1  AND  1=2   SQL  Injec*on  Type  –  Blind  Injec*on     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
  • 29. •  Alack  Intent:   –  Iden*fy  vulnerable  parameters,  iden*fy  schema,  data   extrac*on   •  Gather  informa*on  based  on  *me  delays  in  the   response   •  Example   –  Bingo’  wai_or  delay  ‘00:00:10’  –  delays  response  by   10  secs  if  vulnerable   –  If  first  lecer  of  db  name  is  an  ‘a’  wait  10  secs  or  if  it  is   ‘b’  wait  20  secs…     SQL  Injec*on  Type  –  Time  Based  Injec*on     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
  • 30. •  Alack  Intent:   – Evade  detec*on   •  Injec*on  commands  are  encoded  in  various   formats   •  Example  -­‐  %3c%74%69%74%6c%3e%2e%2f %20%72  is  URL  encoded,  decodes  to  <2tle>./  r   is  part  of  Red-­‐X  alack  signature   •  Double  encoding  simply  involves  re-­‐encoding   the  %  symbol  to  %25   SQL  Injec*on  Type  –  Alternate  Encodings     Ref:  hlps://sites.google.com/site/injec*onsmakemesql2/sqlia-­‐types/tautology  
  • 31. SQL  Injec*on  Type  –  Second  Order   Injec*on     •  Alack  Intent:   –  Data  manipula*on,  Remote  Command  Execu*on   •  Frequency  based  Primary  Applica*on  –  Applica*on   that  re-­‐present  processed  data  of  Primary  Applica*on   •  Frequency  based  Secondary  Applica*on  –  Secondary   applica*on  processes  submission  of  Primary   applica*on   •  Secondary  Support  Applica*on  –  Secondary  applica*on   that  is  usually  internal  support  group  for  the  Primary   applica*on   •  Cascaded  Submission  –  Submiled  data  is  stored  and   re-­‐used  further  in  queries  
  • 32. Security   May  the  Force  be   with  you!  
  • 33. Security   •  Ability  to  wear  Black  Hat   •  Think  like  one!   •  Go  one  step  beyond…   •  It’s  more  fun   •  The  Right  ATTITUDE  
  • 34. Security  –  Prepared  Statements   •  No  processing  of  input   •  Input  is  just  data   •  SQL  instruc*on  template  is  pre-­‐compiled   •  All  input  is  simply  treated  as  data   •  No  processing,  no  interpreta*on,  no  overlap  of   expecta*on  on  trust   •  Hence,  no  vulnerability!   •  Best  Op*on   •  Moms,  name  your  kids  whatever…!  
  • 35. Security  –  Stored  Procedures   •  As  good  as  Prepared  Statements    if   implemented  safely   •  Stored  Procedures  allow  dynamic  SQL   statements   •  If  dynamic  SQL  statements  are  used  inside   stored  procedures,  security  is  lost   •  Not  the  best  op*on  
  • 36. Security  –  Escape  User  Input   •  Some*mes  it  just  has  to  be  plain  SQL!   •  Escape  all  user  input  before  execu*on  of  the   dynamic  SQL   •  Think  mul*ple  *mes  before  you  go  for  this   op*on   •  If  you  do,  re-­‐review  mul*ple  *mes  to  ensure   no  vulnerability   •  Should  be  the  Last  Op*on  
  • 37. Last  Week  -­‐  Red-­‐X  –  3xpir3  Cyber  Army   Targets:     SQL  Injec*on   Vulnerabili*es  in   CMS  Apps  like   Wordpress,  Joomla,   OsDate  
  • 38. Red-­‐X   •  Some  signatures:   –  red  X   –  3xp1r3   –  Cyber  Army   –  Bangladeshi  Hacker   –  The  Real  Outrageous   –  media.somewhereinblog.net/images/ondhokarer_rajputra_1353552651_1-­‐red-­‐x.jpg   –  Dear  ADMIN<br/>!  Secure  your  SITE  !   –  ..::|  Greetz  |::..   –  red-­‐[email protected]   –  .::  x3o-­‐1337  |  Gabby  |  $p!r!t~$33k3r  |  FrEaKy  ::.   –  All  Members  of  3xp1r3  Cyber  Army   –  PL3E6316C123CFC160   –  %3c%74%69%74%6c%65%3e%2e%2f%20%72   –  hacked  by  Cimy   •  Simple  scanner  script:   hlp://ec2-­‐54-­‐251-­‐11-­‐172.ap-­‐southeast-­‐1.compute.amazonaws.com/scans/  
  • 39. 2  Introduc*ons  –  Lot  more  about  You   •  Rebels?   •  Tinkering?   •  Go  beyond  programming   •  Alack  alacker’s  alack   •  AEtude!  Malers.  But  beware  of  the  Dark  Side  
  • 40. Courtesies  &  Disclaimer   •  Many  of  the  images  used  in  this  presenta*on   are  NOT  the  genius  crea*ons  of  my  own   •  I  Google’d  ‘em  and  all  the  credits  go  to  the   original  ar*sts   •  If  there  are  any  images  of  my  own  that  I  have   added  in  this  presenta*on,  you  are  more  than   welcome  to  freely  use  them  
  • 41. Ques*ons  ???   •  What  you  want  to  ask,  many  already  have  that   same  ques*on  on  their  mind.  Be  bold  and  lead   •  OK,  If  you  don’t  want  to  speak  and  keep  shut   and  keep  thinking  about  it  in  your  mind  and   take  those  ques*ons  home,  make  sure  you   email’em  to  me  and  sleep  well  at  night!  
  • 42. I  have  some  for  y’all   •  Do  you  like  to  watch  –  Matrix,  Star  Wars,  Star  Trek,   Hitchhiker's  Guide  to  the  Galaxy,  ...  Sci-­‐Fi?   •  Would  you  like  to  play  Capture  The  Flag  using  SQL   Injec*on?   •  What  should  be  our  topic  for  the  next  meet?   •  I  hate  to  ask  but,  how  can  we  make  this  beler?   •  Again,  so  do  you  s*ll  like  geEng  injected?   •  I  know,  we  the  elite,  genius  group,  who  like  to  rot   before  idiot  box  are  ‘especially’  afraid  of  injec*ons!   •  Are  you  convinced  by  now?  Of  course,  you  already   hate  injec*ons!