41

Greensql2007

Embed Size (px)

Citation preview

Page 1: Greensql2007
Page 2: Greensql2007

SQL INJECTION

AND

GREEN SQL

ABHISHEK KUMAR PRASAD (25500111003)

DEBLINA CHOWDHURY (25500111018)

KAUSTAV SENGUPTA (25500111024)

Page 3: Greensql2007

Internet in daily life

Code injection

SQl injection

GreenSQL

Page 4: Greensql2007

“Life has become easy by

INTERNET…”

Page 5: Greensql2007

It is a computer- based global information system.

Composed of many interconnected computer

networks.

Each network links with thousands of computers.

Enabling links to share information and processing

power.

Wonderful tool provides information at our finger tips.

INTRODUCTION TO INTERNET

Page 6: Greensql2007

EXTREME IMPACTS OF INTERNET

Page 7: Greensql2007

► Saved the world a great deal of time and money.

► There is a big influence of technique on our daily life.

► It is one of the newest and most forward-looking media

HOW INTERNET MADE LIFE EASY

Page 8: Greensql2007

INTERNET MADE CHANGES IN….

Bill payments

Railway Reservations

Banking

Business

Entertainment

Information

Weather Reports

Education

Job Search Engine

Shopping

Page 9: Greensql2007

DISADVANTAGES

Hacking

Code Injection

Spamming

Virus

In Appropriate websites

Isolation

Inaccurate information

Page 10: Greensql2007

What is code injection?

• Code injection is the exploitation of a computer

bug that is caused by processing invalid data.

• Code injection can be used by an attacker to

introduce (or "inject") code into a computer

program to change the course of execution.

• The results of a code injection attack can be

disastrous

Page 11: Greensql2007

Code injection

Page 12: Greensql2007

Different types of Code injection

• SQL injection

• LDAP Injection

• OS Command Injection

• Cross-Site Scripting (“XSS”)

Page 13: Greensql2007

Many web applications take user input from a form

Often this user input is used literally in the construction of a SQL query

submitted to a database. For example:

SELECT productdata FROM table WHERE productname = ‘user input

product name’;

A SQL injection attack involves placing SQL statements in the user

input

What is a SQL Injection Attack?

Page 14: Greensql2007

SQL injection

Input contains special characters and hidden SQL commands

Server accidentally passes hidden SQL commands to database.

Page 15: Greensql2007

Product Search:

This input is put directly into the SQL statement within the Web application:

$query = “SELECT prodinfo FROM prodtable WHERE prodname = ‘” . $_POST[‘prod_search’] . “’”;

Creates the following SQL:

SELECT prodinfo FROM prodtable WHERE prodname = ‘blah‘ OR ‘x’ = ‘x’

Attacker has now successfully caused the entire database to be returned.

An Example SQL Injection Attack

‘blah‘ OR ‘x’ = ‘x’

Page 16: Greensql2007

Sample SQL injection

User Input Chris’; DROP TABLE USER_TABLE;--

Query SELECT password FROM USER_TABLE WHERE username=‘Chris’; DROP TABLE

USER_TABLE;--’

Result USER_TABLE is deleted by the hacker.

Example 1: Data Loss

Example 2: Data Leakage

User Input ‘AND 1=0 UNION

SELECT card_number AS uid,card_holder_name

AS uname,expiry_date AS password FROM

CREDITCARD’

Query SELECT uid,uname,password FROM USERS WHERE

uname=‘AND 1=0 UNION

SELECT card_number AS uid,card_holder_name

AS uname,expiry_date AS password FROM

CREDITCARD’

Page 17: Greensql2007

Examples of SQL injection

These attacks noted on the Eastern European website started early in March and by

Wednesday March 12, 2008, 10,000 Web pages were compromised. Here is a diagram

of how it is done

Page 18: Greensql2007

Examples of SQL injection

Here is a diagram of how to protect against it

Page 19: Greensql2007

Using SQL injections, attackers can:

Add new data to the database

Could be embarrassing to find yourself selling politically incorrect items on an e-Commerce site

Perform an INSERT in the injected SQL

Modify data currently in the database

Could be very costly to have an expensive item suddenly be

deeply ‘discounted’

Perform an UPDATE in the injected SQL

Often can gain access to other user’s system capabilities by

obtaining their password

Other injection possibilities

Page 20: Greensql2007

Use provided functions for escaping strings

Many attacks can be thwarted by simply using the SQL string escaping

mechanism

‘ \’ and “ \”

mysql_real_escape_string() is the preferred function for this

Not a silver bullet!

Consider:

SELECT fields FROM table WHERE id = 23 OR 1=1

No quotes here!

Defenses

Page 21: Greensql2007

Check syntax of input for validity

Many classes of input have fixed languages

Email addresses, dates, part numbers, etc.

Verify that the input is a valid string in the language

Sometime languages allow problematic characters (e.g., ‘*’ in email addresses); may decide to not allow these

If you can exclude quotes and semicolons that’s good

Not always possible: consider the name Bill O’Reilly

Want to allow the use of single quotes in names

Have length limits on input

Many SQL injection attacks depend on entering long strings

More Defenses

Page 22: Greensql2007

Scan query string for undesirable word combinations that

indicate SQL statements

INSERT, DROP, etc.

If you see these, can check against SQL syntax to see if they

represent a statement or valid user input

Limit database permissions and segregate users

If you’re only reading the database, connect to database

as a user that only has read permissions

Never connect as a database administrator in your web

application

More Defenses

Page 23: Greensql2007

Configure database error reporting

Default error reporting often gives away information that is valuable for

attackers (table name, field name, etc.)

Configure so that this information is never exposed to a user

If possible, use bound variables

Some libraries allow you to bind inputs to variables inside a SQL statement

PERL example (from http://www.unixwiz.net/techtips/sql-injection.html)

$sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;");

$sth->execute($email);

More Defenses

Page 24: Greensql2007
Page 25: Greensql2007

SQL Injection

Code injection technique

Gain Unauthorized access to database

Page 26: Greensql2007

Web Application Architecture

Page 27: Greensql2007

GreenSQL

Known as database firewall

Works as a proxy for SQL commands

Calculates risks of queries

Supports different modes for protection

Page 28: Greensql2007

• SQL Injection protection

• Full separation of duties

• Database Activity Monitoring ( DAM )

• IPS/IDS

• Learning mode

• Flexible deployment options

• Highly granular rules• Real time e-mail alerts

Page 29: Greensql2007

Calculation of Risky Queries

Fingerprinting of database

Stack-based queries

SQL tautology

Page 30: Greensql2007

Modes of GreenSQL

IDS Mode

IPS Mode

Learning Mode

Database Firewall Mode

Page 31: Greensql2007

GreenSQL Architecture

Page 32: Greensql2007

GreenSQL Login

Page 33: Greensql2007

GreenSQL Dashboard

Page 34: Greensql2007

GreenSQL Database List

Page 35: Greensql2007

GreenSQL Whitelist Configuration

Page 36: Greensql2007

GreenSQL Database Settings

Page 37: Greensql2007

GreenSQL Database Overview

Page 38: Greensql2007

GreenSQL Mail Alerts

Page 39: Greensql2007

Conclusion

Provides great security regarding different sql attacks

Can be used as a penetration tool !!!

Page 40: Greensql2007
Page 41: Greensql2007

Advertising Psychology

Advertising Psychology

Technology
6 key learnings for responsive webdesign

6 key learnings for responsive webdesign

Technology
Foursquare Wallet presentation

Foursquare Wallet presentation

Technology
Snapshot of Digital India - March 2014

Snapshot of Digital India - March 2014

Technology
Design Principles: The Philosophy of UX

Design Principles: The Philosophy of UX

Technology
User Centered Design Overview

User Centered Design Overview

Technology
Big Data - The 5 Vs Everyone Must Know

Big Data - The 5 Vs Everyone Must Know

Technology
Zipcar Millennials Survey

Zipcar Millennials Survey

Technology
App optimization for ios 7

App optimization for ios 7

Technology
trendwatching.com's INNOVATION CELEBRATION

trendwatching.com's INNOVATION CELEBRATION

Technology
Using Social Networks as Job Searching Tools

Using Social Networks as Job Searching Tools

Technology
The Essence of Design for Startups

The Essence of Design for Startups

Technology
From Paths to Sandboxes

From Paths to Sandboxes

Technology
The Art & Science of Seductive Interactions

The Art & Science of Seductive Interactions

Technology
The Art Of Colors

The Art Of Colors

Technology
Best Practice For UX Deliverables - Eventhandler, London, 05 March 2014

Best Practice For UX Deliverables - Eventhandler, London, 05 March 2014

Technology
Wireframes for the Wicked

Wireframes for the Wicked

Technology
Simple Steps to UX/UI Web Design

Simple Steps to UX/UI Web Design

Technology
Personal Branding Presentation for HCC

Personal Branding Presentation for HCC

Technology
On Digital Transformation - 10 Observations

On Digital Transformation - 10 Observations

Technology
Expert Positioning Using LinkedIn

Expert Positioning Using LinkedIn

Technology
Evangelizing Yourself

Evangelizing Yourself

Technology
The Value of User Experience (from Web 2.0 Expo Berlin 2008)

The Value of User Experience (from Web 2.0 Expo Berlin 2008)

Technology
Crafting a UX Strategy for Wearables and the Mobile Mainframe

Crafting a UX Strategy for Wearables and the Mobile Mainframe

Technology
Apple 03 - Management Mistakes

Apple 03 - Management Mistakes

Technology
Psychology Of The Winner

Psychology Of The Winner

Technology
Lean Prototyping - A Practical Guide

Lean Prototyping - A Practical Guide

Technology
What is Big Data?

What is Big Data?

Technology
trendwatching.com's INTERNET OF CARING THINGS

trendwatching.com's INTERNET OF CARING THINGS

Technology
Succumbing to the Python in Financial Markets

Succumbing to the Python in Financial Markets

Technology