Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Sql injection
1.
2. AGENDA
What is SQL
WHAT is SQL injection
SQL Injection Attack Types
Prevention of SQL Injection Attack
2
3. WHAT IS SQL?
SQL is a special-purpose programming
language designed for managing data held in
a relational database management systems (RDBMS).
The scope of SQL includes data insert, query, update
and delete, schema creation and modification, and
data access control.
3
4. What is SQL injection?
A class of code-injection attacks, in which data provided by the
user is included in an SQL query in such a way that part of the
user’s input is treated as SQL code
SQL injection is a technique to maliciously exploit applications
that use client-supplied data in SQL statements. Attackers trick
the SQL engine into executing unintended commands by
supplying specially crafted string input, thereby gaining
unauthorized access to a database in order to view or
manipulate restricted data.
SQL injection techniques may differ, but they all exploit a
single vulnerability in the application:
Incorrectly validated or non validated string literals are
concatenated into a dynamic SQL statement, and
interpreted as code by the SQL engine.
4
6. TYPES OF SQL ATTACKS
1)First Order Attack:-The attacker can simply enter a
malicious string and cause the modified code to be
executed immediately.
2)Second Order Attack:-The attacker injects into
persistent storage (such as a table row) which is deemed
as a trusted source. An attack is subsequently executed by
another activity.
3)Lateral Injection:-The attacker can manipulate the
implicit functionTo_Char() by changing the values of the
environment
variables, NLS_Date_Format orNLS_Numeric_Characters.
6
7. Injection Mechanism
Injection through user input
First-order
Injection through cookies
injection
Injection through server variables
Second-order injection
7
8. Injection Mechanism
First-order injection Second-order injection
The application processes • The application stores that
the input, causing the input for future use (usually
attacker’s injected SQL query in the database), and
to execute. responds to the request.
• The attacker submits a
second (different) request.
• To handle the second
request, the application
retrieves the stored input
and processes it, causing the
attacker’s injected SQL query
to execute.
8
-Code-injection attacks: LDAP injection for LDAP directory and XPath injection for XML documents, ASP, PHP, HTML injection
-User input typically comes from form submissions that are sent to Web application via HTTP GET or POST requests. -Cookies are stored on the client machine. If a Web application uses the cookie’s contents to build SQL queries, an attacker could easily submit an attack by embedding it in the cookie -Server variables are the collection of variables that contain HTTP, network headers, & environmental variables. Web applications use these server variables in variety of ways, such as logging usage statistics & identifying browsing trends => attackers can forge these values
-Avoid detection by defensive coding practices & also many automated prevention techniques -Attackers have employed alternate methods of encoding their attack strings. Common scanning & detection techniques do not try to evaluate all specially encoded strings, thus allowing these attacks to go undetected -Different layers in an application have different ways of handling alternate encodings -An effective code-based defense against alternate encodings is difficult to implement in practice
-Defensive coding practices: straightforward solution for eliminating these vulnerabilities -Detection & prevention techniques: assist developer & compensate for the shortcomings in the application of defensive coding
