This chapter delves into the critical issues of SQL injection and buffer overflow attacks, defining them as code injection vulnerabilities arising from programming flaws and improper input validation. SQL injection allows attackers to manipulate database queries to execute unauthorized commands, while buffer overflows exploit memory management weaknesses. Effective countermeasures include defensive coding practices, input validation, and the use of secure programming environments. Understanding these vulnerabilities is essential for safeguarding applications from malicious exploitation.
Chapter 9 Attacking Applications: SQL Injection & Buffer Overflows
SQL Injection & Buffer Overflow
• AKA: Code Injection
• Common Issues
  • Both used to attack applications
  • Both generally caused by programming flaws
  • Both usually delivered via a user input field
  • Both caused by invalid parameters (not verified)
• Countermeasures for both
  • Utilize secure programming methods
SQL Injection
• Occurs when an app processes user-provided data to create an SQL statement without first validating the input.
• Read or modify a database by compromising the meaning of the original query
• Results
  1. Attacker gets to remotely execute system commands, or
  2. Attacker takes control of the database server
Finding a SQL Injection Vulnerability
1. Search for websites with a login page or other input or query fields
2. Test using single quotes
3. Use SELECT to retrieve data, or
• Use an automated tool: Absinthe
• http://www.youtube.com/watch?v=Aotphk1sOAQ
• http://www.youtube.com/watch?v=_Bh1_-wg-ok
• Why it works: http://www.youtube.com/watch?v=AhTfo6pWBIM
The Purpose of SQL Injection
• Identifying vulnerabilities
• Database Finger-Printing
• Determine Database Schema
• Extract / Add / Modify Data
• Perform DoS
• Evade Detection
• Bypass Authentication
• Execute Remote Commands
• Perform Privilege Escalation
• Install Malware
SQL Injection Countermeasures
• Practice Defensive Coding
• Change default admin login information
• Disable the default admin login account
• Validate / Sanitize user input
• Use strong firewall rules
  • Block ports: 1434 (SQL & mysql); 1521-1530 (Oracle)
• Don’t display error messages
• Remove Stored Procedures; use Prepared Statements instead
• Session encryption
SQL Injection Countermeasures
• Use escape functions
  • escapeshellcmd(): decreases the risks involved in allowing user input to be passed to the shell
  • escapeshellarg(): converts a scalar value into a single-quote delimited string
  • mysql_real_escape_string(): sanitizes data before sending it to MySQL
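An added example (not from the slides, written in Python with the standard sqlite3 module) showing the flaw the SQL Injection slides describe beside the prepared-statement countermeasure; the users table and its single credential are constructed for the demonstration.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed in-memory database standing in for a real application backend.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The defect the slides describe: unvalidated input is spliced into the SQL
    # text, so a quote in the input changes the meaning of the original query.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Prepared statement: the SQL text is fixed and the input is bound as data,
    # so a quote in the input can never become SQL syntax.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def single_quote_reveals_flaw(conn: sqlite3.Connection) -> bool:
    # The single-quote test from the slides: the concatenating version turns a
    # lone quote into a malformed statement and raises a database error. This is
    # exactly the error output the "don't display error messages" countermeasure
    # keeps away from the user.
    try:
        login_vulnerable(conn, "'", "x")
    except sqlite3.OperationalError:
        return True
    return False
```

Comparing `login_vulnerable` and `login_safe` on the same input shows why escaping or validating alone is a weaker fix than binding parameters: the safe version never re-parses user data as SQL.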
Buffer Overflows
• http://www.youtube.com/watch?v=7LDdd90aq5Y
• How it works: http://www.youtube.com/watch?v=kZZgNnhxA_4
• http://www.youtube.com/watch?v=diKNfnY76z8
• http://www.youtube.com/watch?v=AlgwqMH3Uss
Buffer Overflows
• Types
  • Stack based: static locations in the memory address space
  • Heap based: dynamic memory address spaces
• Countermeasures
  • IDS should look for NOP (No Operation) instructions
  • Don’t use C or C++ functions that don’t check their arguments (C & C++ leave data integrity checking to the programmer), e.g. strcpy(), strcat(), streadd()
  • Use functions that check the buffer size, e.g. strncpy()
  • DO use: Java or Perl or Lisp