
Presentation On SQL Injection

This document discusses SQL injection, which is a technique attackers use to exploit web applications that do not validate user input. It can allow attackers to view sensitive data or even modify databases. The document categorizes different types of SQL injection attacks and describes techniques like tautology, piggybacked queries, and union queries. It recommends prevention methods like parameterized queries, limiting privileges, input validation, and error message control. The goal is to educate developers about SQL injection vulnerabilities and how to build secure applications.

Uploaded by

AmanSingh
Copyright
© All Rights Reserved

SQL INJECTION

Contents
SQL
SQL Injection
Classification of Attacks
Attack Techniques
Prevention Techniques
Conclusion

SQL (Structured Query Language)
Standard language for relational database management systems, as per ANSI.
Used to perform tasks such as updating data in a database or retrieving data from a database.
Standard SQL commands include SELECT, INSERT, UPDATE, DELETE, CREATE, and DROP.

SQL Injection
A technique used to take advantage of non-validated input to pass SQL commands through a web application for execution by a backend database.
Programmers often chain together SQL commands with user-provided parameters.

Classification of Attacks
Identifying Database Finger-Print
Identifying Injectable Parameters
Discovering Database Schema
Bypassing Authentication
Extracting/Modifying Database Data
Downloading/Uploading File
Executing Remote Commands
Escalating Privilege


Attack Techniques

1. Tautology: Exploit the WHERE clause

Create a query that always evaluates to true for entries in the database, in order to bypass authentication pages and extract data. If the attacker submits user' or 1=1 -- in the login input field, the resulting query is:

SELECT info FROM userTable WHERE username='user' or 1=1 -- ' AND password=''

Injecting through the input string:

user = ' or 1=1 --
password = anything

Final query would look like this:
SELECT * FROM acct
WHERE username = '' or 1=1 -- ' AND password = 'anything'


2. Piggy-backed Query

Injecting through the input string:

usr = xyz
pwd = 0; drop table users

Final query would look like this:
SELECT * FROM acct
WHERE username = 'xyz'
AND password = 0; drop table users


3. Union Query: To retrieve specific information

Injecting through the input string:
usr = ' UNION SELECT cardNo from CreditCards where acctNo = 7032 --
pwd = anything

Final query would look like this:
SELECT * FROM acct
WHERE username = '' UNION SELECT cardNo from CreditCards where acctNo = 7032
-- ' AND password = 'anything'

Prevention Techniques
1. Use Parameterized Queries
Separates data from the query.

Allows creation of static queries with bind variables.

2. Customized Error Messages
Knowing the database schema makes the attacker's job easier.

Avoid displaying detailed error messages and stack traces to external users.

3. White List Based Validation
Involves defining exactly what IS authorized.

Allow input only within a well-defined set of safe values, by defining a very strong validation pattern.

Implement stringent "known bad" filters.
Eg: Reject "select", "insert", "update", "shutdown", "delete", "drop", "--".

4. Limiting Privileges
Admin-type access rights for the application accounts must be avoided.

Create a view that limits access to that portion of the data.

5. Other Preventions
Validate and filter the input data using strong regular expression patterns.

System stored procedure reduction.

Encrypting sensitive data.
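As an added example (not code from these slides), the tautology input from attack technique 1 is run against a login query that chains user input into the SQL text and then against the parameterized query of prevention technique 1, with a whitelist check in the spirit of prevention technique 3. The sqlite3 in-memory database, the acct table's two columns, the sample rows and the username pattern are assumptions made for this demo.

```python
import re
import sqlite3

# Constructed sample data: a two-column "acct" table standing in for the
# deck's acct/userTable. Column names and rows are assumptions for this demo.
SAMPLE_ROWS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database holding the constructed acct table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE acct (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO acct VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Chains user input into the SQL text, the pattern the deck warns about.
    With username = "' or 1=1 --" the WHERE clause becomes a tautology and the
    rest of the statement is commented out, so every row comes back."""
    query = ("SELECT * FROM acct WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()


def login_parameterized(conn, username, password):
    """Static query with bind variables: the driver passes the values as data,
    so "' or 1=1 --" is compared literally against the username column."""
    query = "SELECT * FROM acct WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Whitelist pattern (an assumption for this demo): only the characters a
# username may contain, which rejects quotes, spaces and comment markers.
USERNAME_PATTERN = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(username):
    """Whitelist validation: accept only inputs matching the safe pattern."""
    return USERNAME_PATTERN.fullmatch(username) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"
    print("vulnerable:", login_vulnerable(db, payload, "anything"))
    print("parameterized:", login_parameterized(db, payload, "anything"))
    print("whitelist accepts payload:", is_valid_username(payload))
```

The vulnerable function returns both sample rows for the tautology payload, while the parameterized one returns nothing and the whitelist rejects the input before it reaches the database.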

Conclusion
Present-day development is more focused on web applications, so there is an urgent need to educate developers and students about SQL injection. By allowing programmers and system administrators to understand the attacks more thoroughly, more attacks will be detected and more countermeasures will be introduced into the systems.

Thank You
Questions ?
