SQL Injection Attacks and Defense
- Darren Rich
- 5 years ago
Justin Clarke, Lead Author and Technical Editor
Rodrigo Marcos Alvarez, Dave Hartley, Joseph Hemler, Alexander Kornbrust, Haroon Meer, Gary O'Leary-Steele, Alberto Revelli, Marco Slaviero, Dafydd Stuttard
Chapter 1 What Is SQL Injection? 1
- Introduction 2
- Understanding How Web Applications Work 2
- A Simple Application Architecture 4
- A More Complex Architecture 5
- Understanding SQL Injection 6
- High-Profile Examples 10
- Understanding How It Happens 13
- Dynamic String Building 13
- Incorrectly Handled Escape Characters 14
- Incorrectly Handled Types 15
- Incorrectly Handled Query Assembly 17
- Incorrectly Handled Errors 18
- Incorrectly Handled Multiple Submissions 19
- Insecure Database Configuration 21
- Summary 24
- Solutions Fast Track 24
- Frequently Asked Questions 26

Chapter 2 Testing for SQL Injection 29
- Introduction 30
- Finding SQL Injection 30
- Testing by Inference 31
- Identifying Data Entry 31
- GET Requests 31
- POST Requests 32
- Other Injectable Data 35
- Manipulating Parameters 36
- Information Workflow 39
- Database Errors 40
- Commonly Displayed SQL Errors 41
- Microsoft SQL Server Errors 41
- MySQL Errors 46
- Oracle Errors 49
- Application Response 51
- Generic Errors 51
- HTTP Code Errors 54
- Different Response Sizes 55
- Blind Injection Detection 56
- Confirming SQL Injection 60
- Differentiating Numbers and Strings 61
- Inline SQL Injection 62
- Injecting Strings Inline 62
- Injecting Numeric Values Inline 65
- Terminating SQL Injection 68
- Database Comment Syntax 69
- Using Comments 70
- Executing Multiple Statements 74
- Time Delays 79
- Automating SQL Injection Discovery 80
- Tools for Automatically Finding SQL Injection 81
- HP WebInspect 81
- IBM Rational AppScan 83
- HP Scrawlr 85
- SQLiX 87
- Paros Proxy 88
- Summary 91
- Solutions Fast Track 91
- Frequently Asked Questions 93

Chapter 3 Reviewing Code for SQL Injection 95
- Introduction 96
- Reviewing Source Code for SQL Injection 96
- Dangerous Coding Behaviors 98
- Dangerous Functions 105
- Following the Data 109
- Following Data in PHP 110
- Following Data in Java 114
- Following Data in C# 115
- Reviewing PL/SQL and T-SQL Code 117
- Automated Source Code Review 124
- Yet Another Source Code Analyzer (YASCA) 125
- Pixy 126
- AppCodeScan 127
- LAPSE 127
- Security Compass Web Application Analysis Tool (SWAAT) 128
- Microsoft Source Code Analyzer for SQL Injection 128
- Microsoft Code Analysis Tool .NET (CAT.NET) 129
- Commercial Source Code Review Tools 129
- Ounce 131
- Source Code Analysis 131
- CodeSecure 132
- Summary 133
- Solutions Fast Track 133
- Frequently Asked Questions 135

Chapter 4 Exploiting SQL Injection 137
- Introduction 138
- Understanding Common Exploit Techniques 139
- Using Stacked Queries 141
- Identifying the Database 142
- Non-Blind Fingerprint 142
- Banner Grabbing 144
- Blind Fingerprint 146
- Extracting Data through UNION Statements 148
- Matching Columns 149
- Matching Data Types 151
- Using Conditional Statements 156
- Approach 1: Time-based 157
- Approach 2: Error-based 159
- Approach 3: Content-based 161
- Working with Strings
- Extending the Attack 163
- Using Errors for SQL Injection 164
- Error Messages in Oracle 167
- Enumerating the Database Schema 170
- SQL Server 171
- MySQL 177
- Oracle 180
- Escalating Privileges 183
- SQL Server 184
- Privilege Escalation on Unpatched Servers 189
- Oracle 190
- Stealing the Password Hashes 192
- SQL Server 192
- MySQL 194
- Oracle 194
- Oracle Components 196
- APEX 196
- Oracle Internet Directory 197
- Out-of-Band Communication
- Microsoft SQL Server 199
- Oracle 202
- HTTP/DNS 203
- File System 203
- SQL Server 204
- MySQL 207
- Oracle 208
- Automating SQL Injection Exploitation 208
- Sqlmap 208
- Sqlmap Example 209
- Bobcat 211
- BSQL 212
- Other Tools 214
- Summary 215
- Solutions Fast Track 215
- Frequently Asked Questions 218

Chapter 5 Blind SQL Injection Exploitation 219
- Introduction 220
- Finding and Confirming Blind SQL Injection 221
- Forcing Generic Errors 221
- Injecting Queries with Side Effects 222
- Splitting and Balancing 222
- Common Blind SQL Injection Scenarios 225
- Blind SQL Injection Techniques 225
- Inference Techniques 226
- Increasing the Complexity of Inference Techniques 230
- Alternative Channel Techniques 234
- Using Time-Based Techniques 235
- Delaying Database Queries 235
- MySQL Delays 235
- Generic MySQL Binary Search Inference Exploits 237
- Generic MySQL Bit-by-Bit Inference Exploits 237
- SQL Server Delays 238
- Generic SQL Server Binary Search Inference Exploits 240
- Generic SQL Server Bit-by-Bit Inference Exploits 240
- Oracle Delays 240
- Time-Based Inference Considerations 241
- Using Response-Based Techniques 242
- MySQL Response Techniques 242
- SQL Server Response Techniques 244
- Oracle Response Techniques 246
- Returning More Than One Bit of Information 247
- Using Alternative Channels 249
- Database Connections 250
- DNS Exfiltration 251
- Exfiltration 255
- HTTP Exfiltration 256
- Automating Blind SQL Injection Exploitation 258
- Absinthe 258
- BSQL Hacker 260
- SQLBrute 263
- Sqlninja 264
- Squeeza 265
- Summary 267
- Solutions Fast Track 267
- Frequently Asked Questions 270

Chapter 6 Exploiting the Operating System 271
- Introduction 272
- Accessing the File System 273
- Reading Files 273
- MySQL 274
- Microsoft SQL Server 280
- Oracle 289
- Writing Files 291
- MySQL 292
- Microsoft SQL Server 295
- Oracle 300
- Executing Operating System Commands 301
- Direct Execution 301
- Oracle 301
- DBMS_SCHEDULER 302
- PL/SQL Native 302
- Other Possibilities 303
- Alter System Set Events 303
- PL/SQL Native 9i 303
- Buffer Overflows 304
- Custom Application Code 304
- MySQL 304
- Microsoft SQL Server 305
- Consolidating Access 309
- Summary 312
- Solutions Fast Track 312
- Frequently Asked Questions 314
- Endnotes 315

Chapter 7 Advanced Topics 317
- Introduction 318
- Evading Input Filters 318
- Using Case Variation 319
- Using SQL Comments 319
- Using URL Encoding 320
- Using Dynamic Query Execution 322
- Using Null Bytes 323
- Nesting Stripped Expressions 324
- Exploiting Truncation 324
- Bypassing Custom Filters 326
- Using Non-Standard Entry Points 327
- Exploiting Second-Order SQL Injection 329
- Finding Second-Order Vulnerabilities 332
- Using Hybrid Attacks 335
- Leveraging Captured Data 335
- Creating Cross-Site Scripting 335
- Running Operating System Commands on Oracle 336
- Exploiting Authenticated Vulnerabilities 337
- Summary 338
- Solutions Fast Track 338
- Frequently Asked Questions 340

Chapter 8 Code-Level Defenses 341
- Introduction 342
- Using Parameterized Statements 342
- Parameterized Statements in Java 344
- Parameterized Statements in .NET (C#) 345
- Parameterized Statements in PHP 347
- Parameterized Statements in PL/SQL 348
- Validating Input 349
- Whitelisting 349
- Blacklisting 351
- Validating Input in Java 353
- Validating Input in .NET 354
- Validating Input in PHP 354
- Encoding Output 355
- Encoding to the Database 355
- Encoding for Oracle 356
- Oracle dbms_assert 357
- Encoding for Microsoft SQL Server 359
- Encoding for MySQL 360
- Canonicalization 362
- Canonicalization Approaches 363
- Working with Unicode 364
- Designing to Avoid the Dangers of SQL Injection 365
- Using Stored Procedures 366
- Using Abstraction Layers 367
- Handling Sensitive Data 368
- Avoiding Obvious Object Names 369
- Setting Up Database Honeypots 370
- Additional Secure Development Resources 371
- Summary 373
- Solutions Fast Track 373
- Frequently Asked Questions 375

Chapter 9 Platform-Level Defenses 377
- Introduction 378
- Using Runtime Protection 378
- Web Application Firewalls 379
- Using ModSecurity 380
- Configurable Rule Set 380
- Request Coverage 383
- Request Normalization 383
- Response Analysis 384
- Intrusion Detection Capabilities 385
- Intercepting Filters 386
- Web Server Filters 386
- Application Filters 389
- Implementing the Filter Pattern in Scripted Languages 390
- Filtering Web Service Messages 391
- Non-Editable versus Editable Input Protection 391
- URL/Page-Level Strategies 392
- Page Overriding 392
- URL Rewriting 393
- Resource Proxying/Wrapping 393
- Aspect-Oriented Programming (AOP) 393
- Application Intrusion Detection Systems (IDSs) 394
- Database Firewall 394
- Securing the Database 395
- Locking Down the Application Data 395
- Use the Least-Privileged Database Login 395
- Revoke PUBLIC Permissions 396
- Use Stored Procedures 396
- Use Strong Cryptography to Protect Stored Sensitive Data 397
- Maintaining an Audit Trail 398
- Oracle Error Triggers 398
- Locking Down the Database Server 400
- Additional Lockdown of System Objects 400
- Restrict Ad Hoc Querying 401
- Strengthen Controls Surrounding Authentication 401
- Run in the Context of the Least-Privileged Operating System Account 401
- Ensure That the Database Server Software Is Patched 402
- Additional Deployment Considerations 403
- Minimize Unnecessary Information Leakage 403
- Suppress Error Messages 403
- Use an Empty Default Web Site 406
- Use Dummy Host Names for Reverse DNS Lookups 406
- Use Wildcard SSL Certificates 407
- Limit Discovery via Search Engine Hacking 407
- Disable Web Services Description Language (WSDL) Information 408
- Increase the Verbosity of Web Server Logs 409
- Deploy the Web and Database Servers on Separate Hosts 409
- Configure Network Access Control 409
- Summary 410
- Solutions Fast Track 410
- Frequently Asked Questions 412

Chapter 10 References 415
- Introduction 416
- Structured Query Language (SQL) Primer 416
- SQL Queries 416
- SELECT Statement 417
- UNION Operator 417
- INSERT Statement 418
- UPDATE Statement 418
- DELETE Statement 418
- DROP Statement 420
- CREATE TABLE Statement 420
- ALTER TABLE Statement 420
- GROUP BY Statement 421
- ORDER BY Clause 421
- Limiting the Result Set 421
- SQL Injection Quick Reference 422
- Identifying the Database Platform 422
- Identifying the Database Platform via Time Delay Inference 423
- Identifying the Database Platform via SQL Dialect Inference 423
- Combining Multiple Rows into a Single Row 424
- Microsoft SQL Server Cheat Sheet 425
- Enumerating Database Configuration Information and Schema 425
- Blind SQL Injection Functions: Microsoft SQL Server 427
- Microsoft SQL Server Privilege Escalation 427
- OPENROWSET Reauthentication Attack 428
- Attacking the Database Server: Microsoft SQL Server 429
- System Command Execution via xp_cmdshell 429
- xp_cmdshell Alternative 430
- Cracking Database Passwords 430
- Microsoft SQL Server 2005 Hashes 431
- File Read/Write 431
- MySQL Cheat Sheet 431
- Enumerating Database Configuration Information and Schema 431
- Blind SQL Injection Functions: MySQL 432
- Attacking the Database Server: MySQL 433
- System Command Execution 433
- Cracking Database Passwords 434
- Attacking the Database Directly 434
- File Read/Write 434
- Oracle Cheat Sheet 435
- Enumerating Database Configuration Information and Schema 435
- Blind SQL Injection Functions: Oracle
- Attacking the Database Server: Oracle 437
- Command Execution 437
- Reading Local Files 437
- Reading Local Files (PL/SQL Injection Only) 438
- Writing Local Files (PL/SQL Injection Only) 439
- Cracking Database Passwords 440
- Bypassing Input Validation Filters 440
- Quote Filters 440
- HTTP Encoding 442
- Troubleshooting SQL Injection Attacks 443
- SQL Injection on Other Platforms 446
- PostgreSQL Cheat Sheet 446
- Enumerating Database Configuration Information and Schema 447
- Blind SQL Injection Functions: PostgreSQL 448
- Attacking the Database Server: PostgreSQL 448
- System Command Execution 448
- Local File Access 449
- Cracking Database Passwords 449
- DB2 Cheat Sheet 449
- Enumerating Database Configuration Information and Schema 449
- Blind SQL Injection Functions: DB2 450
- Informix Cheat Sheet 451
- Enumerating Database Configuration Information and Schema 451
- Blind SQL Injection Functions: Informix 452
- Ingres Cheat Sheet 452
- Enumerating Database Configuration Information and Schema 452
- Blind SQL Injection Functions: Ingres 453
- Microsoft Access 453
- Resources 453
- SQL Injection White Papers 453
- SQL Injection Cheat Sheets 454
- SQL Injection Exploit Tools 454
- Password Cracking Tools 455
- Solutions Fast Track 456

Index 459
Publisher: Elsevier
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationAuthorization, Database Security
Authorization, Database Security FCDB 10.1 Dr. Chris Mayfield Department of Computer Science James Madison University Mar 26, 2018 Database security 101 Access control, users/groups Views (for limiting
More informationWho am I? Sandro Gauci and EnableSecurity Over 8 years in the security industry Published security research papers Tools - SIPVicious and SurfJack
Who am I? Sandro Gauci and EnableSecurity Over 8 years in the security industry Published security research papers Tools - SIPVicious and SurfJack Web Application Firewall Shortcomings The presentation
More informationInstalling and Administering a Satellite Environment
IBM DB2 Universal Database Installing and Administering a Satellite Environment Version 8 GC09-4823-00 IBM DB2 Universal Database Installing and Administering a Satellite Environment Version 8 GC09-4823-00
More informationSecure Coding, some simple steps help. OWASP EU Tour 2013
Secure Coding, some simple steps help. OWASP EU Tour 2013 About Me Steven van der Baan - Dutch - 7Safe, part of PA Consulting Group - Developer - Pentester - Consultant - CISSP, OSCP It's amazing how
More informationWEB SECURITY p.1
WEB SECURITY 101 - p.1 spritzers - CTF team spritz.math.unipd.it/spritzers.html Disclaimer All information presented here has the only purpose to teach how vulnerabilities work. Use them to win CTFs and
More informationHacking Oracle APEX. Welcome. About
Hacking Oracle APEX!2 About Me Welcome scott@sumnertech.com @sspendol!3!4 About Sumner Technologies Originally Established 2005 Relaunched in 2015 Focused exclusively on Oracle APEX solutions Provide wide
More informationdotdefender User Guide Applicure Web Application Firewall
dotdefender User Guide Applicure Web Application Firewall Table of Contents Chapter 1 Introduction... 5 1.1 Overview... 5 1.2 Components... 6 1.2.1 Specific Windows components... 6 1.2.2 Specific Linux/Unix
More informationWeb Application Security. OWASP 11 th August, The OWASP Foundation Basic SQL injection Basic Click Jacking
Web Application Security Basic SQL injection Basic Click Jacking OWASP 11 th August, 2012 Vinod Senthil T Director infysec vinod@infysec.com 044-42611142/43 Copyright The OWASP Foundation Permission is
More information"Charting the Course... Oracle 18c PL/SQL (5 Day) Course Summary
Course Summary Description This course provides a complete, hands-on, comprehensive introduction to PL/SQL including the use of both SQL Developer and SQL*Plus. This coverage is appropriate for both Oracle11g
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationjk0-022 Exam Questions Demo CompTIA Exam Questions jk0-022
CompTIA Exam Questions jk0-022 CompTIA Academic/E2C Security+ Certification Exam Voucher Only Version:Demo 1.An attacker used an undocumented and unknown application exploit to gain access to a file server.
More informationManual Trigger Sql Server 2008 Examples Update
Manual Trigger Sql Server 2008 Examples Update SQL Server has a pool of memory that is used to store both execution plans and data buffers. For example, the first of these SELECT statements is not matched
More informationModule 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services
Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits
More informationA1 (Part 2): Injection SQL Injection
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Firewall Firewall Accounts
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationOracle Database. Installation and Configuration of Real Application Security Administration (RASADM) Prerequisites
Oracle Database Real Application Security Administration 12c Release 1 (12.1) E61899-04 May 2015 Oracle Database Real Application Security Administration (RASADM) lets you create Real Application Security
More informationPenetration Testing. James Walden Northern Kentucky University
Penetration Testing James Walden Northern Kentucky University Topics 1. What is Penetration Testing? 2. Rules of Engagement 3. Penetration Testing Process 4. Map the Application 5. Analyze the Application
More informationWeb Security. Outline
Security CS 161/194-1 Anthony D. Joseph November 21, 2005 s Outline Static and Dynamic Content Firewall review Adding a DMZ Secure Topologies 2 1 Polls How many people have set up a personal web server?
More informationMcAfee Web Gateway Administration
McAfee Web Gateway Administration Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction to the tasks crucial
More informationMcAfee Web Gateway Administration Intel Security Education Services Administration Course Training
McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction
More informationServer-side web security (part 2 - attacks and defences)
Server-side web security (part 2 - attacks and defences) Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Basic injections $query = "SELECT name, lastname,
More informationPenetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
More information