EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

Transcription

1 CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference

2 About Center of Advanced Security Training () The rapidly evolving information security landscape now requires professionals to stay up to date on the latest security technologies, threats and remediation strategies. was created to address the need for quality advanced technical training for information security professionals who aspire to acquire the skill sets required for their job functions. courses are advanced and highly technical training programs co-developed by and well-respected industry practitioners or subject matter experts. aims to provide specialized training programs that will cover key information security domains, at an advanced level.

3 Advanced SQLi Attacks and Countermeasures Course Description SQL injection is the most commonly used attack to break the security of a web application. According to NTT s Global Threat Intelligence Report (GTIR), cost for a 'minor' SQL injection attack exceeds $196,000. Database usage is on the rise, as well as the applications that interconnect databases, which makes SQL injection one of the top concern for IT security professionals. SQL injection takes advantage of non-validated input vulnerabilities and injects SQL commands through a web application that are executed in a back-end database. Attackers use this technique to either gain unauthorized access to a database or to retrieve information directly from the database. Attackers can use the SQLi attacks to steal sensitive data, spoof identity, tamper database records, reveal database structure, delete entire DB, execute system commands, elevate privileges and compromise the whole system, perform DoS attack on the server, etc. Advanced SQLi Attacks and Countermeasures course provides in-depth knowledge on different types of SQL injection techniques, how to detect vulnerabilities, automated SQL injection tools and various countermeasures to protect web application from attacks.

4 What Will You Learn? After completing this course, students will learn: 01 Fundamentals of how web applications, and server-side technologies work 02 Working of SQL injection attacks 03 SQL injection attack techniques, including error based, and blind SQL injections 04 Union exploitation technique 05 Different types of blind SQL injection attacks

5 06 How to detect SQL injection vulnerability 07 Testing for SQL injection and black-box pen testing techniques 08 Automated SQL injection vulnerability scanners 09 How to enumerate databases 10 Exploiting authentication vulnerabilities and launching Cross-Site Scripting (XSS) attacks 11 Compromise the network using SQL injection 12 Automated SQL Injection tools 13 SQL injection techniques to bypass filter, WAF, and IDS 14 How to defend against SQL injection attacks 15 Investigating and handling SQL attack incidents

6 Who Should Attend Database administrators Web app developers Security auditors Security professionals Duration 3 days (9:00 5:00)

7 Course Outline Module 01: Introduction to SQL Injection Attacks What Is SQL Injection? Example 5: Identifying the Table Name Why Bother about SQL Injection? Example 6: Deleting a Table SQL Injection Attacks SQL Injection Attack Categories How Web Applications Work Getting Private Info Server-side Technologies Types of SQL Injection HTTP Post Request Error Based SQL Injection Example 1: Normal SQL Query Error Based SQL Injection Techniques Example 1: SQL Injection Query Blind SQL Injection Example 1: Code Analysis No Error Messages Returned Example 2: BadProductList.aspx Blind SQL Injection: WAITFOR DELAY YES Example 2: Attack Analysis Example 3: Updating Table Example 4: Adding New Records or NO Response Blind SQL Injection: Boolean Exploitation technique

8 Module 02: SQL Injection Attack Methodology Information Gathering Extracting Information through Error Messages Understanding SQL Query SQL Injection Vulnerability Detection SQL Injection Detection SQL Injection Error Messages SQL Injection Attack Characters Additional Methods to Detect SQL Injection SQL Injection Black Box Pen Testing Testing for SQL Injection Code Review to Detect SQL Injection Vulnerabilities Perform Error based SQL injection Error Based Exploitation Technique Union Exploitation Technique Perform Error based SQL Injection: Using Union SQL Injection Bypass Website Logins Using SQL Injection Perform Blind SQL injection Blind SQL Injection Exploitation (MySQL) Blind SQL Injection - Extract Database User Blind SQL Injection - Extract Database Name Blind SQL Injection - Extract Column Name Blind SQL Injection - Extract Data from ROWS Exploiting Second-Order SQL Injection Second-Order SQL Injection: Scenario Finding Second-Order Vulnerabilities Finding Second-Order Vulnerabilities: Automated Scanners Steps to Identify Second-Order SQL Injection Vulnerabilities Exploiting Client-Side SQL Injection Attacking Client-Side Databases Using Hybrid Attacks Leveraging Captured Data Creating Cross-Site Scripting Running Operating System Commands on Oracle Exploiting Authenticated Vulnerabilities Enumerate Data Database, Table, and Column Enumeration Advanced Enumeration Creating Database Accounts Password Grabbing Grabbing SQL Server Hashes Extracting SQL Hashes (In a Single Statement) Transfer Database to Attacker s Machine Interact with the OS Interacting with the Operating System Interacting with the File System Compromise the Network Network Reconnaissance Using SQL Injection Network Reconnaissance Full Query Automated SQL Injection Tools

9 Module 03: Bypassing Filter, WAF, and IDS Evading Input Filters Using Case Variation Using SQL Comments Using URL Encoding Using Dynamic Query Execution Using Null Bytes Using Nesting Stripped Expressions Exploiting Truncation Using Non-Standard Entry Points Introduction to WAF Methods to Bypass WAF Bypassing WAF: SQL Injection - Normalization Bypassing WAF: SQL Injection - HTTP Parameter Pollution (HPP) Bypassing WAF: SQL Injection HTTP Parameter Fragmentation (HPF) Bypassing WAF: Blind SQL Injection Bypassing WAF: SQL Injection Signature Bypass PHPIDS ( ) default rules Mod_Security (2.5.9) default rules Evading IDS Types of Signature Evasion Techniques Evasion Technique: Sophisticated Matches Evasion Technique: Hex Encoding Evasion Technique: Manipulating White Spaces Evasion Technique: In-line Comment Evasion Technique: Char Encoding Evasion Technique: String Concatenation Evasion Technique: Obfuscated Codes

10 Module 04: SQL Injection Defenses and Incident Handling How to Defend Against SQL Injection Attacks SQL Injection Detection Tools Investigating and Handling SQL Attack Incidents Investigating a Suspected SQL Injection Attack Analyzing Digital Artifacts Containing the Incident Assessing the Data Involved Determining the Actions Performed by the Attacker on the System Recovering from a SQL Injection Attack Reducing the Attack Surface

11 Master Trainer: Haja Mohideen VP- TECHNOLOGY, EC- COUNCIL Mr. Haja Mohideen is the VP- Technology and Co-Founder of. He manages the certifications and training programs for, and leads the product development team. He is known worldwide as the creator of the popular certification programs Certified Ethical Hacker (C EH), Computer Hacking Forensics Investigator (CHFI), Certified System Analyst / Licensed Penetration Tester (ECSA/LPT) and Certified Secure Programmer (ECSP), among others. Haja has 17 years of experience specializing in the development, support and project management of PC software and hardware. He has trained various Fortune 500 companies as well as US government agencies. He is also the Master Trainer for courses, and his training is often sought after globally. He has led training in many countries including Greece, India, USA, Indonesia, Singapore, England, Mexico, amongst others. Haja is also one of few who are qualified to conduct train the trainer sessions for courses. Haja holds a Masters Degree in Software Engineering and has numerous industry-wide IT certifications from Microsoft, IBM, Cisco, Motorola, 3COM, Adobe, Intel and many others. He carries over 90 vendor certifications.

12