Technology White Paper of SQL Injection Attacks and Prevention
|
|
- Sharon Turner
- 5 years ago
- Views:
Transcription
1 Technology White Paper of SQL Injection Attacks and Prevention Keywords: SQL injection, SQL statement, feature identification Abstract: SQL injection attacks are common attacks that exploit database vulnerabilities. This document exemplifies the working mechanism and methods of SQL injection attacks, and describes the solutions provided by H3C security products to preventing such vulnerabilities. Acronyms: Acronym Full spelling SQL IPS URL Structured Query Language Intrusion Prevention System Uniform Resource Locator Hangzhou H3C Technologies Co., Ltd. 1/11
2 Table of Contents Introduction to SQL Injection Attacks 3 Overview 3 Mechanism 3 Example 4 Harms of SQL Injection Attacks 7 SQL Injection Attack Prevention Through IPS Devices 7 SQL Injection Prevention Framework of IPS Devices 7 Advantages of the SQL Injection Prevention Framework of IPS Devices 9 Application Scenarios 10 Hangzhou H3C Technologies Co., Ltd. 2/11
3 Introduction to SQL Injection Attacks Overview Structured Query Language (SQL) is a text-based language for interacting with relational databases. SQL allows users to manage data effectively through data query, operation, definition, and control. For example, users can write data to databases, insert data into databases, and retrieve data from databases. Relational databases are widely used in websites. Users generally interact with databases through dynamic Web pages. Users access common dynamic Web pages by visiting parameterized URLs, in the format Dynamic pages can be.asp,.php,.jsp, or perl Web pages. A dynamic Web page has one or more parameters, whose type can be integer or character string. Website application programs (dynamic Web pages) with poor security allow attackers to construct and submit malicious URLs, insert specially-constructed SQL statements into submitted parameters, intercept information from the interaction with relational databases, or directly temper Web data. Such attacks are known as SQL injection attacks. Mechanism An SQL injection attack works by crafting SQL states which are combined with the contents submitted by Web pages. Techniques commonly used by SQL attacks include comment symbols, identical equations (such as 1 = 1), union queries by using the union statement, and inserting or modifying data by using the insert or update statement. In addition, SQL injection attacks use some built-in functions, for example, using the phpinfo function to display basic information and the char function to avoid single quotes. The following exemplifies several simple methods of statement construction. Generally, relational databases store data in tables. Assume that a table named user exists. The table has four columns: id, username, pwd, and level, which indicate user IDs, user names, passwords, and privilege levels. Table 1 lists several simple methods of constructing injected statements. Strings such as $username and $password are variable names. Table 1 Methods of constructing injected statements Statement Normal statement: SELECT * FROM user WHERE username = '$username' AND pwd = '$password' Injected statement: SELECT * FROM user WHERE username = 'tom'/*' AND pwd = '' Remarks The contents following AND pwd = '' are ignored because they are considered as comments by the preceding /*, which is used in SQL to precede comments. This allows an attacker to log in without submitting a password. Hangzhou H3C Technologies Co., Ltd. 3/11
4 Statement Normal statement: SELECT * FROM user WHERE username = '$username' AND pwd = '$password' Injected statement: SELECT * FROM user WHERE username = 'tom' AND pwd = '' or '1=1' Normal statement: UPDATE user SET pwd = '$password' WHERE username = '$username' Injected statement: UPDATE user SET pwd = 'abcd',level='3' WHERE username = 'tom' Normal statement: SELECT * FROM user WHERE username = '$username' Injected statement: SELECT * FROM user WHERE username = 'tom' AND LEFT(pwd,1)='l' Normal statement: SELECT * FROM user WHERE username = '$username' AND pwd = '$password' Injected statement: SELECT * FROM user WHERE username = 'tom' into outfile 'd:/http root/file001.txt'/*' AND pwd = '' Normal statement: INSERT INTO user VALUES('$id', '$username', '$password', '1') Injected statement: INSERT INTO user VALUES('10', 'tom', 'password','3')/*', '1') Remarks In the injected statement, identical equation 1 = 1 is used for logic judgment. Thus, this statement is executed successfully even if pwd is judged as false, allowing the attacker to log in without a password. In the injected statement, the attacker adds single quotes following pwd and the subsequent WHERR statement to change the password and change the level to 3 to become a user with the highest privilege level. In the injected statement, built-in functions are used to judge the character in a position of a string. If the judgment succeeds, the user ID is displayed. Such attempts are repeated until the actual password is obtained. The injected statement retrieves the file in the inserted path. The file contains the information on user tom. In the injected statement, user tom is inserted, whose ID is 10 and whose privilege level is set to 3, namely, the highest level. Such attacks are used to register users with high privilege levels by exploiting security vulnerabilities. Example The following describes an SQL injection attack and its hazards by using an actual network as an example. Figure 1 shows a page of an open-source alumni website. Normally, when a user selects a year from the drop-down list on this page, the page displays the information on the graduates of that year. In this example, the URL in the address bar of the Web page is: Hangzhou H3C Technologies Co., Ltd. 4/11
5 Figure 1 Web page of an open-source alumni website with security vulnerabilities Actually, the codes processing years fail to filter the data submitted by the user. This is a vulnerability that an SQL attack can exploit. By submitting specially-constructed SQL statements to the Web page, the attacker makes the Web page display related contents from internal databases. Assume that the attacker submits a URL containing an SQL statement in the address bar of the Web page. When executing the statement, the codes do not judge the submitted contents properly. This causes the SQL injection attack to succeed. Assume that the following statement is submitted: ame,1,alumnipassword,1,1,1,1,1,1,1,1,1,1,1,1,1%20from%20alumni_users%20where%20id='1 Table 2 explains the URL contents in detail. Table 2 Description of the URL contents Contents Remarks This is the normal URL. view&year=2005 year=2005 is executed as an SQL statement query condition in the codes. The format is similar to select * from table where year=2005. Hangzhou H3C Technologies Co., Ltd. 5/11
6 Contents Remarks This is added by the attacker. union select%201,1,1,alumniusername,1,alumnipass word,1,1,1,1,1,1,1,1,1,1,1,1,1%20from%20alum ni_users%20where%20id='1 This allows the entire added contents are executed normally without generating any errors in server databases. This is added by the attacker. These contents are used to retrieve the password from table alumni_users and display it. %20 Space Normally, the returned page displays the alumni names and related information. In this example, however, because the password is used as the selection column of the select statement, the returned page displays the password of the user. Figure 2 shows the page returned after the attacking statement is submitted. Figure 2 Displayed Web page attacked by an SQL injection As shown in Figure 2, besides user names and addresses, the user's page displays the password, which was encrypted. Actually, if the attacker changes 1 in the injected statement to the corresponding column names, the Web page displays the contents of other columns in the table, exposing more private information. Hangzhou H3C Technologies Co., Ltd. 6/11
7 Harms of SQL Injection Attacks Technology White Paper of SQL Injection Attacks and Prevention As mentioned above, a parameterized dynamic Web page on which a database is accessed is susceptible to SQL injection attacks. Therefore, SQL injection attacks are much more likely to happen than other Web attacks and cause more widespread harms. Such harms include obtaining the system control right, operating databases without authorization, tempering Web page contents, and adding system accounts or database user accounts. Nowadays, there are more and more database-based network applications. Meanwhile, the software used to search for SQL injection ports is so easily available on the Internet that even a novice attacker can use such software to search for victims and attack them. As the numbers of attack targets and attackers increase, there have been more and more SQL injection attacks in recent years. SQL Injection Attack Prevention Through IPS Devices SQL Injection Prevention Framework of IPS Devices Hangzhou H3C Technologies Co., Ltd. (hereinafter referred to as H3C) analyzes SQL injection attacks and finds that SQL injection attacks a Web page in the following ways: By using common SQL injection statements. Exploiting the characteristics of Web background databases. Using SQL injection scanners. In view of this, H3C has developed a complete set of SQL injection attack prevention framework that allows for timely detection of known and potential SQL injection attacks. Figure 3 shows the general SQL injection attack prevention framework using H3C intrusion prevention system (IPS) devices. Hangzhou H3C Technologies Co., Ltd. 7/11
8 Figure 3 SQL injection attack prevention framework Technology White Paper of SQL Injection Attacks and Prevention Processing on the device Network traffic Pre-processing Perform feature matching Traffic not processed Not matching the SQL injection attack model IPS feature library Matching the SQL injection attack model Block the traffic Report the attack Technical reserve Attack and prevention tests in a lab Generalized and layered SQL injection attack model Analyze the SQL language Analyze database features Analyze common scanners used for the attacks Analyze actual SQL injection attack methods An H3C IPS device identifies attacks through feature identification and blocks the attacks. The IPS device has a complete feature library and upgrades the feature library periodically. When network traffic enters the IPS device, the device checks whether the traffic matches the attack features of the current feature library. If yes, the device blocks the network traffic and report the attack; otherwise, the device allows the network traffic to pass. Based on the characteristics of SQL injection attacks, the H3C IPS feature library can identify SQL injection attack features in the following ways: Identifying abnormal fields in SQL statements based on SQL statement characteristics SQL injection attackers generally add abnormal fields, such as and 1=1, to URLs. By identifying these abnormal fields, the H3C IPS feature library checks whether the website has any SQL injection vulnerabilities and obtains database information. Identifying abnormal fields in background databases based on background database characteristics Websites today mainly use MS-SQL, Access, MySQL, and Oracle databases. Each database has system base tables that store the information for the database. Some databases provide additional functions that may be exploited by SQL injections. For example, in an MS-SQL database, system commands can be executed; the database information of a MySQL database can be exported to a file, the database information of an Oracle database can be reflected to any listening port. After in-depth analysis of above-mentioned databases and based on respective database characteristics, the H3C IPS feature library extracts the abnormal fields from URLs to ensure that attacks cannot launch SQL injection attacks by exploiting the features provided by databases. Hangzhou H3C Technologies Co., Ltd. 8/11
9 Analyzing SQL injection scanners and blocking attack probes from SQL injection scanners In actual attacks, attackers usually perform automatic scans of websites by using SQL injection scanners to probe for SQL injection vulnerabilities that can be exploited. After analyzing well-known SQL injection scanners, H3C has worked out the behaviors and methods of these scanners and blocks the website scanning probes from these scanners. Analyzing SQL injection vulnerabilities in actual networks Because website developers fail to strictly check input parameters, many SQL injection vulnerabilities exist in actual networks. Some major vulnerability release websites release large amounts of SQL injection vulnerabilities. By analyzing and summarizing these vulnerabilities, H3C IPS devices ensure that attackers cannot launch attacks through released SQL injection vulnerabilities. Advantages of the SQL Injection Prevention Framework of IPS Devices The SQL injection prevention framework of H3C IPS devices has the following advantages: A complete SQL injection detection model is constructed to accurately identify SQL injection attacks Considering SQL characteristics and the basic principles and patterns of known attacks, H3C has developed a universal and layered SQL injection attack detection model on different vulnerability models with different database types and SQL injection scanners and integrated the model to the feature library. Providing an abstraction of the general pattern of SQL injection attacks, these models accurately identify mainstream SQL injection attacks and construct a complete SQL injection detection model, making the model universal. H3C has simulated actual network environments, performed larges amounts of attack/prevention tests, and sorted out and verified the SQL injection vulnerability attacks released in recent years. H3C IPS devices can be used to identify and block all the released attacks. Flexible detection methods allow for accurate identification of transformed SQL injection attacks In actual attacks, to avoid being detected by an attack-prevention device, an SQL injection attack is often transformed through URL coding technologies and parameter modifications. H3C extends SQL injection attack features based on the SQL injection vulnerability principles, attack methods, and attack targets. Transformed attacks under the same vulnerability principles can also be blocked effectively even if the attacker modifies such contents as parameters, format, and statements. This expands the protection scope of the device, makes the prevention more flexible, and greatly reduces missing reports. Tracking of the latest vulnerabilities and technologies effectively prevents the latest attacks As SQL injection attacks become more and more frequent, harms are done in wider and wider scopes. This puts forth higher protection depth and breadth requirements on IPS devices. IPS devices need to Hangzhou H3C Technologies Co., Ltd. 9/11
10 not only guard against existing SQL injection attacks but also effectively block the latest, unreleased attacks. H3C has established a set of complete attack/prevention test environments to detect timely potential SQL injection vulnerabilities. Meanwhile, H3C keeps track of the latest SQL injection attack technologies and tools, timely updates the feature library of SQL injection attacks, and instantly releases the latest SQL injection prevention measures to ensure that users' networks are free of any SQL injection attacks. High-efficient operation of normal services is guaranteed Stable and efficient feature libraries provide powerful support for the prevention of SQL injection attacks. In actual deployment, H3C IPS devices analyze and identify network traffic. If any feature existing in the traffic matches an SQL injection attack prevention policy, the related traffic is blocked and a log is generated depending on the feature type and severity to provide the administrator with accurate attack information. If no feature in the traffic matches the attack model, the traffic is allowed to pass without affecting normal network services. This ensures high-efficient device operation while providing accurate protection. Application Scenarios Figure 4 shows a typical scenario of SQL injection attack prevention using H3C IPS devices. Figure 4 Network diagram for SQL injection attack prevention Generally, a website under attack consists of two parts: foreground application program and background database. A foreground application program is used to interact with users and databases. A background database is used to store data. Most SQL injection attacks directly interact with background databases to obtain information by exploiting the vulnerabilities in foreground application programs. Therefore, the IPS device needs to be deployed at the egress of the intranet of the website, namely, outside foreground application programs, to ensure database information security. Hangzhou H3C Technologies Co., Ltd. 10/11
11 Copyright 2009 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of H3C Technologies Co., Ltd. This document is subject to change without notice. Hangzhou H3C Technologies Co., Ltd. 11/11
SYN Flood Attack Protection Technology White Paper
Flood Attack Protection Technology White Paper Flood Attack Protection Technology White Paper Keywords: flood, Cookie, Safe Reset Abstract: This document describes the technologies and measures provided
More informationPrivilege Level Switching Authentication Technology White Paper
Privilege Level Switching Authentication Technology White Paper Keywords: Privilege level switching authentication, RADIUS, HWTACACS Abstract: This document briefly describes the background and implementation
More informationMWR InfoSecurity Security Advisory. Oracle Enterprise Manager SQL Injection Advisory. 1 st February 2010
MWR InfoSecurity Security Advisory Oracle Enterprise Manager SQL Injection Advisory 1 st February 2010 2010-11-12 Page 1 of 8 CONTENTS CONTENTS 1 Detailed Vulnerability Description... 4 1.1 Introduction...
More informationSecBlade Firewall Cards Attack Protection Configuration Example
SecBlade Firewall Cards Attack Protection Configuration Example Keywords: Attack protection, scanning, blacklist Abstract: This document describes the attack protection functions of the SecBlade firewall
More informationAttack Prevention Technology White Paper
Attack Prevention Technology White Paper Keywords: Attack prevention, denial of service Abstract: This document introduces the common network attacks and the corresponding prevention measures, and describes
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationSQL Injection Attack Lab
SEED Labs SQL Injection Attack Lab 1 SQL Injection Attack Lab Copyright 2006-2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 9 Performing Vulnerability Assessments
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments Objectives Define risk and risk management Describe the components of risk management List
More informationHUAWEI Secospace USG Series User Management and Control White Paper
Doc. code HUAWEI Secospace USG Series User Management and Control White Paper Issue 1.0 Date 2014-03-27 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2012. All rights reserved.
More informationUnderstanding Advanced Blind SQLI attack
Understanding Advanced Blind SQLI attack Amit Dabas, Ashish Kumar Sharma Cyber Forensics & Information Security, MDU,amitdab@gmail.com,+918588831807 Abstract SQL Injection is not new attack to our web
More informationSecPath Series Firewalls Virtual Firewall Configuration Examples
SecPath Series Firewalls Virtual Firewall Configuration Examples Keywords: VPN instance, VRF, private address, public address, address pool Abstract: This document describes the virtual firewall implementation
More informationIsolate-User-VLAN Technology White Paper
Isolate-User-VLAN Technology White Paper Keywords: Isolate-user-VLANs, secondary VLANs Abstract: Isolate-user-VLAN adopts a two-tier VLAN structure: an upper level isolate-user-vlan and multiple lower-level
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationDPX8000 Series Deep Service Switching Gateway User Configuration Guide Probe Service Board Module v1.0
DPX8000 Series Deep Service Switching Gateway User Configuration Guide Probe Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help,
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationSecurity Course. WebGoat Lab sessions
Security Course WebGoat Lab sessions WebGoat Lab sessions overview Initial Setup Tamper Data Web Goat Lab Session 4 Access Control, session information stealing Lab Session 2 HTTP Basics Sniffing Parameter
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationWeb Gate Keeper: Detecting Encroachment in Multi-tier Web Application
Web Gate Keeper: Detecting Encroachment in Multi-tier Web Application Sanaz Jafari Prof.Dr.Suhas H. Patil (GUIDE) ABSTRACT The Internet services and different applications become vital part of every person
More informationWordPress Security Plugins vs. WAF Services. A Comparative Test of WAF Accuracy in Security Solutions
WordPress Security Plugins vs. WAF Services A Comparative Test of WAF Accuracy in Security Solutions Contents Abstract... 3 Introduction... 3 WAF Evaluation Criteria... 4 Results... 5 Pattern Analysis...
More informationDistributed telecommunications network access using the TMOS IntraWeb Gateway
Distributed telecommunications access using the IntraWeb Gateway Magnus Ekhed, Peter Gundersen and Olav Queseth In an increasingly competitive marketplace, operator success depends more and more on usage.
More informationCSE 127 Computer Security
CSE 127 Computer Security Fall 2015 Web Security I: SQL injection Stefan Savage The Web creates new problems Web sites are programs Partially implemented in browser» Javascript, Java, Flash Partially implemented
More informationHUAWEI TECHNOLOGIES CO., LTD. Huawei FireHunter6000 series
HUAWEI TECHNOLOGIES CO., LTD. Huawei 6000 series Huawei 6000 series can detect APT (Advanced Persistent Threat) attacks, which altogether exploit multiple techniques (including zero-day vulnerabilities
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationTable of Contents 1 SSH Configuration 1-1
Table of Contents 1 SSH Configuration 1-1 SSH Overview 1-1 Introduction to SSH 1-1 Algorithm and Key 1-1 Asymmetric Key Algorithm 1-2 SSH Operating Process 1-2 Configuring the SSH Server 1-4 SSH Server
More informationMechanisms for Database Intrusion Detection and Response. Michael Sintim - Koree SE 521 March 6, 2013.
Mechanisms for Database Intrusion Detection and Response Michael Sintim - Koree SE 521 March 6, 2013. Article Title: Mechanisms for Database Intrusion Detection and Response Authors: Ashish Kamra, Elisa
More informationMAC-Based VLAN Technology White Paper
MAC-Based VLAN Technology White Paper Keywords: MAC-based VLAN, 802.1X, MAC address authentication Abstract: As a way of grouping VLAN members, MAC address-based VLAN (MAC-based VLAN) decides the VLAN
More informationH3C SecBlade SSL VPN Card
H3C SecBlade SSL VPN Card Super Administrator Web Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document version: 5PW105-20130801 Copyright 2003-2013, Hangzhou H3C Technologies
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More informationSecBlade Firewall Cards ARP Attack Protection Configuration Examples
SecBlade Firewall Cards ARP Attack Protection Configuration Examples Keywords: ARP Abstract: ARP provides no security mechanism and can be easily utilized by attackers to launch attacks. The device provides
More informationA1 (Part 2): Injection SQL Injection
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Firewall Firewall Accounts
More informationConfiguring Vulnerability Assessment Devices
CHAPTER 10 Revised: November 10, 2007 Vulnerability assessment (VA) devices provide MARS with valuable information about many of the possible targets of attacks and threats. They provide information useful
More informationIntrusion Attempt Who's Knocking Your Door
10 Intrusion Attempt Who's Knocking Your Door By Kilausuria binti Abdullah Introduction: An intrusion attempt is a potential for a deliberate unauthorized attempt to enter either a computer, system or
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationWebGoat Lab session overview
WebGoat Lab session overview Initial Setup Virtual Machine Tamper Data Web Goat Basics HTTP Basics Sniffing Web server attacks SQL Injection XSS INITIAL SETUP Tamper Data Hold alt to reveal the menu in
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationWeb Application Attacks
Web Application Attacks What can an attacker do and just how hard is it? By Damon P. Cortesi IOActive, Inc. Comprehensive Computer Security Services www.ioactive.com cortesi:~
More informationBinary Protector: Intrusion Detection in Multitier Web Applications
Binary Protector: Intrusion Detection in Multitier Web Applications C. Venkatesh 1 D.Nagaraju 2 T.Sunil Kumar Reddy 3 1 P.G Scholar, CSE Dept, Sir Vishveshwariah Institute of Science and Technology 2 Assistant
More informationKarthik Bharathy Program Manager, SQL Server Microsoft
Karthik Bharathy Program Manager, SQL Server Microsoft Key Session takeaways Understand the many views of SQL Server Look at hardening SQL Server At the network level At the access level At the data level
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationWeb Attacks Lab. 35 Points Group Lab Due Date: Lesson 16
CS482 SQL and XSS Attack Lab AY172 1 Web Attacks Lab 35 Points Group Lab Due Date: Lesson 16 Derived from c 2006-2014 Wenliang Du, Syracuse University. Do not redistribute with explicit consent from MAJ
More informationSQL Injection SPRING 2018: GANG WANG
SQL Injection SPRING 2018: GANG WANG SQL Injection Another reason to validate user input data Slides credit to Neil Daswani and Adam Doupé 2 3 http://xkcd.com/327/ Produce More Secure Code Operating system
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationStateful Failover Technology White Paper
Stateful Failover Technology White Paper Keywords: Stateful failover, master/backup mode, load balancing mode, data synchronization, link switching Abstract: A firewall device is usually the access point
More informationH3C imc. Branch Intelligent Management System. User Manual. Hangzhou H3C Technologies Co., Ltd.
H3C imc Branch Intelligent Management System User Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: imc BIMS 5.0 (E0102) Document version: 5PW103-20150427 Copyright 2011-2015,
More informationTIMING-BASED ATTACKS IN WEB APPLICATIONS
TIMING-BASED ATTACKS IN WEB APPLICATIONS ABOUT ME Ahmad Ashraff @Yappare Before : Chemical Engineer Current : Pentester @ Aura Information Security Hobbies : Backpacking, Watching Animes Member Of OWASP
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationWIDS Technology White Paper
Technical white paper WIDS Technology White Paper Table of contents Overview... 2 Background... 2 Functions... 2 Rogue detection implementation... 2 Concepts... 2 Operating mechanism... 2 Operating modes...
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationDPtech IPS2000 Series Intrusion Prevention System User Configuration Guide v1.0
DPtech IPS2000 Series Intrusion Prevention System User Configuration Guide v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help, please contact Hangzhou
More informationDetecting SQLIA using execution plans
Graduate Theses and Dissertations Graduate College 2016 Detecting SQLIA using execution plans Sriram Nagarajan Iowa State University Follow this and additional works at: http://lib.dr.iastate.edu/etd Part
More informationBarracuda Web Application Firewall Foundation - WAF01. Lab Guide
Barracuda Web Application Firewall Foundation - WAF01 Lab Guide Official training material for Barracuda certified trainings and Autorized Training Centers. Edition 2018 Revision 1.0 campus.barracuda.com
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationApsaraDB for RDS. Quick Start (SQL Server)
Getting started with ApsaraDB The ApsaraDB Relational Database Service (RDS) is a stable, reliable, and auto-scaling online database service. Based on the Apsara distributed file system and high-performance
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationVulnerability Assessment using Nessus
Vulnerability Assessment using Nessus What you need Computer with VirtualBox. You can use any host OS you like, and if you prefer to use some other virtual machine software like VMware or Xen, that s fine
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationWhat to Look for When Evaluating Next-Generation Firewalls
What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to
More informationData Sheet. DPtech IPS2000 Series Intrusion Prevention System. Overview. Series IPS2000-MC-N. Features
Data Sheet DPtech IPS2000 Series DPtech IPS2000 Series Intrusion Prevention System Overview With the rapid development of network, application layer attacks emerge endlessly, such as worms, Trojan horses,
More informationCoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationSQL Injection Attacks and Defense
SQL Injection Attacks and Defense Justin Clarke Lead Author and Technical Editor Rodrigo Marcos Alvarez Dave Hartley Joseph Hemler Alexander Kornbrust Haroon Meer Gary O'Leary-Steele Alberto Revelli Marco
More informationTenable.sc-Tenable.io Upgrade Assistant Guide, Version 2.0. Last Revised: January 16, 2019
Tenable.sc-Tenable.io Upgrade Assistant Guide, Version 2.0 Last Revised: January 16, 2019 Table of Contents Welcome to the Tenable.sc-Tenable.io Upgrade Assistant 3 Get Started 4 Environment Requirements
More informationThe Weakest Link: Mitigating Web Application Vulnerabilities. webscurity White Paper. webscurity Inc. Minneapolis, Minnesota USA
The Weakest Link: Mitigating Web Application Vulnerabilities webscurity White Paper webscurity Inc. Minneapolis, Minnesota USA March 19, 2008 Contents Executive Summary...3 Introduction...4 Target Audience...4
More informationDatabase Security Service. FAQs. Issue 19 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 19 Date 2019-04-08 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2019. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationCHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
180 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 SUMMARY This research has focused on developing a Web Applications Secure System from Code Injection Vulnerabilities through Web Services (WAPS-CIVS),
More informationCyber Security Threats to Telecom Networks. Rosalia D Alessandro Hardik Mehta Loay Abdelrazek
Cyber Security Threats to Telecom s Rosalia D Alessandro Hardik Mehta Loay Abdelrazek Press Release: some highlights Cyber Security Threats to Telecom s - Rosalia D Alessandro, Hardik Mehta and Loay Abdelrazek
More informationCheck Point vsec for Microsoft Azure
Check Point vsec for Microsoft Azure Test Drive User Guide 2017 Check Point Software Technologies Ltd. All rights reserved Page 1 Learn More: checkpoint.com Content 1 INTRODUCTION... 3 2 TEST DRIVE OVERVIEW...
More informationExecutive Summary. Flex Bounty Program Overview. Bugcrowd Inc Page 2 of 7
CANVAS by Instructure Bugcrowd Flex Program Results December 01 Executive Summary Bugcrowd Inc was engaged by Instructure to perform a Flex Bounty program, commonly known as a crowdsourced penetration
More informationSQL Injection. EECS Introduction to Database Management Systems
SQL Injection EECS3421 - Introduction to Database Management Systems Credit "Foundations of Security: What Every Programmer Needs To Know" (Chapter 8) by Neil Daswani, Christoph Kern, and Anita Kesavan
More informationForeScout Extended Module for Qualys VM
ForeScout Extended Module for Qualys VM Version 1.2.1 Table of Contents About the Qualys VM Integration... 3 Additional Qualys VM Documentation... 3 About This Module... 3 Components... 4 Considerations...
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationA (sample) computerized system for publishing the daily currency exchange rates
A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency
More informationApsaraDB for RDS. Quick Start (PostgreSQL)
Getting started with ApsaraDB The Alibaba Relational Database Service (RDS) is a stable, reliable, and auto-scaling online database service. Based on the Apsara distributed file system and high-performance
More informationData Sheet. DPtech Anti-DDoS Series. Overview. Series
Data Sheet DPtech Anti-DDoS Series DPtech Anti-DDoS Series Overview DoS (Denial of Service) leverage various service requests to exhaust victims system resources, causing the victim to deny service to
More informationTitle: Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs)
Title: Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs) Document last modified on: 17th September 2009 Date of discovery of vulnerabilities: December
More informationWeb Application Firewall Subscription on Cyberoam UTM appliances
On-Appliance Reporting Web Application Firewall Subscription on Cyberoam UTM appliances Protecting Web Applications from hackers Application Visibility and Control Bandwidth Management Firewall Web Application
More informationApsaraDB for RDS. Quick Start (MySQL)
Get started with ApsaraDB The ApsaraDB Relational Database Service (RDS) is a stable and reliable online database service with auto-scaling capabilities. Based on the Apsara distributed file system and
More informationH3C S9500 QoS Technology White Paper
H3C Key words: QoS, quality of service Abstract: The Ethernet technology is widely applied currently. At present, Ethernet is the leading technology in various independent local area networks (LANs), and
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationSecure coding practices
Secure coding practices www.infosys.com/finacle Universal Banking Solution Systems Integration Consulting Business Process Outsourcing Secure coding practices Writing good code is an art but equally important
More informationQuick Start Guide for Administrators and Operators Cyber Advanced Warning System
NSS Labs Quick Start Guide for Administrators and Operators Cyber Advanced Warning System Introduction to the Cyber Advanced Warning System and RiskViewer... 1 Activating Your Account... 2 Adding a New
More informationNETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
NETWORK INTRUSION Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Recognize different
More informationAnti-DDoS. User Guide (Paris) Issue 01 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 01 Date 2018-08-15 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2018. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationSecurity issues. Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith
Security issues Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith Criteria D3 D3 Recommend ways to improve web security when using web server scripting Clean browser input Don
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationHow to perform the DDoS Testing of Web Applications
How to perform the DDoS Testing of Web Applications Peerlyst November 02, 2017 Nasrumminallah Zeeshan (zeeshan@nzwriter.com) A Denial of Service (DoS) attack is consisted of carrying out traffic flooding
More informationConfiguring Anomaly Detection
CHAPTER 9 Caution Anomaly detection assumes it gets traffic from both directions. If the sensor is configured to see only one direction of traffic, you should turn off anomaly detection. Otherwise, when
More informationCSCE 548 Building Secure Software SQL Injection Attack
CSCE 548 Building Secure Software SQL Injection Attack Professor Lisa Luo Spring 2018 Previous class DirtyCOW is a special type of race condition problem It is related to memory mapping We learned how
More informationComputer Security Coursework Exercise CW1 Web Server and Application Security
Computer Security Coursework Exercise CW1 Web Server and Application Security In this coursework exercise we will guide you through an attack against a vulnerable machine. You will take the role of Mallet
More informationSecurity Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management
Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important
More informationConfiguring Anomaly Detection
CHAPTER 9 This chapter describes anomaly detection and its features and how to configure them. It contains the following topics: Understanding Security Policies, page 9-2 Understanding Anomaly Detection,
More informationSECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER
SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER INFLUENCER @RESPONSIBLE CYBER 1 AGENDA 1. Introduction: What is security? How much
More information