Ficha técnica de curso Código: IFCPR140c. SQL Injection Attacks and Defense

Transcription

1 Curso de: Objetivos: SQL Injection Attacks and Defense Proteger nuestra B.D. y prevenir los ataques, realizando una buena defensa. Mostrar los pasos y pautas a seguir para hacer nuestro sistema mas robusto y mejor protegido a los ataques. Destinado a: Todos los informáticos que quieres proteger el sistema a posibles ataques. Duración: 20 horas Modalidad: Presencial Horario: Plazas: 15 Periodicidad: 30 días Comienzo: Documentación: En formato pdf Requisitos: Tutorías: Acreditación: Precio: A aportar: Certificación acreditativa Revisión Página 1 de 8

2 Contenido del Curso: Chapter 1 What Is SQL Injection? Understanding How Web Applications Work A Simple Application Architecture A More Complex Architecture Understanding SQL Injection High-Profile Examples Understanding How It Happens Dynamic String Building Incorrectly Handled Escape Characters Incorrectly Handled Types Incorrectly Handled Query Assembly Incorrectly Handled Errors Incorrectly Handled Multiple Submissions Insecure Database Configuration Chapter 2 Testing for SQL Injection Finding SQL Injection Testing by Inference Identifying Data Entry GET Requests POST Requests Other Injectable Data Manipulating Parameters Information Workf low Database Errors Commonly Displayed SQL Errors Microsoft SQL Server Errors Errors Errors Application Response Generic Errors HTTP Code Errors Different Response Sizes Blind Injection Detection Confirming SQL Injection Differentiating Numbers and Strings Inline SQL Injection Injecting Strings Inline Injecting Numeric Values Inline Terminating SQL Injection Database Comment Syntax Using Comments Executing Multiple Statements Time Delays Automating SQL Injection Discovery Tools for Automatically Finding SQL Injection HP WebInspect IBM Rational AppScan HP Scrawlr SQLiX Paros Proxy Chapter 3 Reviewing Code for SQL Injection Reviewing Source Code for SQL Injection Dangerous Coding Behaviors Revisión Página 2 de 8

3 Dangerous Functions Following the Data Following Data in PHP Following Data in Java Following Data in C# Reviewing PL/SQL and T-SQL Code Automated Source Code Review Yet Another Source Code Analyzer (YASCA) Pixy AppCodeScan LAPSE Security Compass Web Application Analysis Tool (SWAAT) Microsoft Source Code Analyzer for SQL Injection Microsoft Code Analysis Tool.NET (CAT.NET) Commercial Source Code Review Tools Ounce Source Code Analysis CodeSecure Chapter 4 Exploiting SQL Injection Understanding Common Exploit Techniques Using Stacked Queries Identifying the Database Non-Blind Fingerprint Banner Grabbing Blind Fingerprint Extracting Data through UNION Statements Matching Columns Matching Data Types Using Conditional Statements Approach 1: Time-based Approach 2: Error-based Approach 3: Content-based Working with Strings Extending the Attack Using Errors for SQL Injection Error Messages in Enumerating the Database Schema SQL Server Escalating Privileges SQL Server Privilege Escalation on Unpatched Servers Stealing the Password Hashes SQL Server Components APEX Internet Directory Out-of-Band Communication Microsoft SQL Server HTTP/DNS File System SQL Server Revisión Página 3 de 8

4 Automating SQL Injection Exploitation Sqlmap Sqlmap Example Bobcat BSQL Other Tools Chapter 5 Blind SQL Injection Exploitation Finding and Confirming Blind SQL Injection Forcing Generic Errors Injecting Queries with Side Effects Spitting and Balancing Common Blind SQL Injection Scenarios Blind SQL Injection Techniques Inference Techniques Increasing the Complexity of Inference Techniques Alternative Channel Techniques Using Time-Based Techniques Delaying Database Queries Delays Generic Binary Search Inference Exploits Generic Bit-by-Bit Inference Exploits SQL Server Delays. Generic SQL Server Binary Search Inference Exploits Generic SQL Server Bit-by-Bit Inference Exploits Delays Time-Based Inference Considerations Using Response-Based Techniques Response Techniques SQL Server Response Techniques Response Techniques Returning More Than One Bit of Information Using Alternative Channels Database Connections DNS Exfiltration Exfiltration HTTP Exfiltration Automating Blind SQL Injection Exploitation Absinthe BSQL Hacker SQLBrute Sqlninja Squeeza Chapter 6 Exploiting the Operating System Accessing the File System Reading Files Microsoft SQL Server Writing Files Microsoft SQL Server Executing Operating System Commands Direct Execution Revisión Página 4 de 8

5 DBMS_SCHEDULER PL/SQL Native. Other Possibilities Alter System Set Events PL/SQL Native 9i Buffer Overflows Custom Application Code Microsoft SQL Server Consolidating Access Endnotes Chapter 7 Advanced Topics Evading Input Filters Using Case Variation Using SQL Comments Using URL Encoding Using Dynamic Query Execution Using Null Bytes Nesting Stripped Expressions Exploiting Truncation Bypassing Custom Filters Using Non-Standard Entry Points Exploiting Second-Order SQL Injection Finding Second-Order Vulnerabilities Using Hybrid Attacks Leveraging Captured Data Creating Cross-Site Scripting Running Operating System Commands on Exploiting Authenticated Vulnerabilities. Chapter 8 Code-Level Defenses Using Parameterized Statements Parameterized Statements in Java Parameterized Statements in.net (C#) Parameterized Statements in PHP Parameterized Statements in PL/SQL Validating Input Whitelisting Blacklisting Validating Input in Java Validating Input in.net Validating Input in PHP Encoding Output Encoding to the Database Encoding for dbms_assert Encoding for Microsoft SQL Server Encoding for Canonicalization Canonicalization Approaches Working with Unicode Designing to Avoid the Dangers of SQL Injection Using Stored Procedures Using Abstraction Layers Handling Sensitive Data Revisión Página 5 de 8

6 Avoiding Obvious Object Names Setting Up Database Honeypots Additional Secure Development Resources Chapter 9 Platform-Level Defenses Using Runtime Protection Web Application Firewalls Using ModSecurity Configurable Rule Set Request Coverage Request Normalization Response Analysis Intrusion Detection Capabilities Intercepting Filters Web Server Filters Application Filters Implementing the Filter Pattern in Scripted Languages Filtering Web Service Messages Non-Editable versus Editable Input Protection URL/Page-Level Strategies Page Overriding URL Rewriting Resource Proxying/Wrapping Aspect-Oriented Programming (AOP) Application Intrusion Detection Systems (IDSs) Database Firewall Securing the Database Locking Down the Application Data Use the Least-Privileged Database Login Revoke PUBLIC Permissions Use Stored Procedures Use Strong Cryptography to Protect Stored Sensitive Data Maintaining an Audit Trail Error Triggers Locking Down the Database Server Additional Lockdown of System Objects Restrict Ad Hoc Querying Strengthen Controls Surrounding Authentication Run in the Context of the Least-Privileged Operating System Account Ensure That the Database Server Software Is Patched Additional Deployment Considerations.. Minimize Unnecessary Information Leakage Suppress Error Messages Use an Empty Default Web Site Use Dummy Host Names for Reverse DNS Lookups Use Wildcard SSL Certificates Limit Discovery via Search Engine Hacking Disable Web Services Description Language (WSDL) Information Increase the Verbosity of Web Server Logs Deploy the Web and Database Servers on Separate Hosts Configure Network Access Control Chapter 10 References Structured Query Language (SQL) Primer SQL Queries Revisión Página 6 de 8

7 SELECT Statement UNION Operator INSERT Statement UPDATE Statement DELETE Statement DROP Statement CREATE TABLE Statement ALTER TABLE Statement GROUP BY Statement ORDER BY Clause Limiting the Result Set SQL Injection Quick Reference Identifying the Database Platform Identifying the Database Platform via Time Delay Inference Identifying the Database Platform via SQL Dialect Inference Combining Multiple Rows into a Single Row Microsoft SQL Server Cheat Sheet Enumerating Database Configuration Information and Schema Blind SQL Injection Functions: Microsoft SQL Server Microsoft SQL Server Privilege Escalation OPENROWSET Reauthentication Attack Attacking the Database Server: Microsoft SQL Server System Command Execution via xp_cmdshell xp_cmdshell Alternative Cracking Database Passwords Microsoft SQL Server 2005 Hashes File Read/Write Cheat Sheet Blind SQL Injection Functions: Attacking the Database Server: System Command Execution Cracking Database Passwords Attacking the Database Directly File Read/Write Cheat Sheet Blind SQL Injection Functions: Attacking the Database Server: Command Execution Reading Local Files Reading Local Files (PL/SQL Injection Only) Writing Local Files (PL/SQL Injection Only) Cracking Database Passwords Bypassing Input Validation Filters Quote Filters HTTP Encoding Troubleshooting SQL Injection Attacks SQL Injection on Other Platforms PostgreSQL Cheat Sheet Blind SQL Injection Functions: PostgreSQL Attacking the Database Server: PostgreSQL System Command Execution Local File Access Cracking Database Passwords DB2 Cheat Sheet Blind SQL Injection Functions: DB2 Informix Cheat Sheet Blind SQL Injection Functions: Informix Ingres Cheat Sheet Revisión Página 7 de 8

8 Blind SQL Injection Functions: Ingres Microsoft Access Resources SQL Injection White Papers SQL Injection Cheat Sheets SQL Injection Exploit Tools Password Cracking Tools Revisión Página 8 de 8