Detecting (and even preventing) SQL Injection Using the Percona Toolkit and Noinject!


1 Detecting (and even preventing) SQL Injection Using the Percona Toolkit and Noinject!
Justin Swanhart, Percona Live, April 2013

2 INTRODUCTION

3 Introduction
- Who am I?
- What do I do?
- Why am I here?

4 The tools
- MySQL (5.0+)
- Percona Toolkit: pt-query-digest, pt-fingerprint
- MySQL Proxy (0.8.0+)
- Apache and PHP 5.3+

5 WHAT IS SQL INJECTION?

6 What is SQL injection?
- SQL injection is an attack vector
- An attacker modifies the SQL queries which will be executed by the server
- But the attacker does not need to change the code on the server or get access to the server

7 What is SQL injection: interpolation (strings)

    $username = $_GET['username'];
    $sql = "select 1 from users.users where admin_flag=true and username = '" . $username . "'";

    $ wget ...                       (normal request)
    $ wget ...' or '1'='1            SQL injection!

The WHERE clause now ends in: and username = '' or '1'='1'

8 Escape strings, or use prepared statements!

    # escape string values
    $username = mysqli_real_escape_string($conn, $_GET['username']);
    $sql = "select ... and username = '" . $username . "'";

    # prepared statement
    $username = $_GET['username'];
    $stmt = mysqli_stmt_init($conn);
    $sql = "select ... and username = ?";
    mysqli_stmt_prepare($stmt, $sql);
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

9 What is SQL injection: interpolation (ints)

    $user_id = $_GET['user_id'];
    $sql = "select 1 from users.users where admin_flag=true and user_id = " . $user_id;

    $ wget ...                 (normal request)
    $ wget ...1 or 1=1         SQL injection!

10 Use type checking, or prepared statements!

    # check that integers really are integers!
    $user_id = $_GET['user_id'];
    if (!is_numeric($user_id)) $user_id = NULL;
    $sql = "select ... and user_id = " . $user_id;

    # prepared statement
    $user_id = $_GET['user_id'];
    $stmt = mysqli_stmt_init($conn);
    $sql = "select ... and user_id = ?";
    mysqli_stmt_prepare($stmt, $sql);
    mysqli_stmt_bind_param($stmt, "i", $user_id);
    mysqli_stmt_execute($stmt);

11 When escaping can't help
Some parts of a SQL statement can't be manipulated using parameters. These include:
- ORDER BY columns
- A variable number of items in an IN list
- Adding SQL syntax like DISTINCT

12 Don't use user input in the query

    # avoid using user input directly in ANY way
    $sql = "select * from listings where deleted = 0 and sold = 0 and open = 1";
    if (!empty($_GET['ob'])) {
        $sql .= " ORDER BY " . $_GET['ob'];
    }

    wget ...?ob=post_date                                      fine
    wget ...?ob=post_date union all (select * from listings)   Bad! Now we can see all listings

13 Use whitelisting instead

    # avoid using user input directly in ANY way
    $sql = "select * from listings where deleted = 0 and sold = 0 and open = 1";
    $allowed = array('post_date', 'neighborhood', 'etc');
    if (!empty($_GET['ob']) && is_string($_GET['ob'])) {
        if (in_array($_GET['ob'], $allowed, true)) {   # strict comparison
            $sql .= " ORDER BY " . $_GET['ob'];
        }
    }

in_array() is the keeper of the gate:

    wget ...?ob=post_date                                      allowed
    wget ...?ob=post_date union all (select * from listings)   rejected
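Slides 8, 10 and 13 combined into one runnable form, as an added example that is not from the deck: string values are bound as parameters, integers are type-checked before binding, and the ORDER BY identifier (which cannot be a parameter) is checked against an allow-list. It uses Python's standard sqlite3 module with a constructed listings table in place of MySQL and PHP; setup_db, to_int, find_listings, ALLOWED_ORDER_BY and the price column are all assumptions of this example.

```python
import sqlite3
from typing import List

# The allow-list from slide 13: in_array() is the keeper of the gate there;
# a frozenset of column names plays that role here. 'price' is constructed.
ALLOWED_ORDER_BY = frozenset({"post_date", "neighborhood", "price"})


def setup_db() -> sqlite3.Connection:
    """Constructed listings table so the example runs offline (stands in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE listings (id INTEGER, neighborhood TEXT, price INTEGER,"
        " post_date TEXT, deleted INTEGER, sold INTEGER, open INTEGER)"
    )
    conn.executemany(
        "INSERT INTO listings VALUES (?, ?, ?, ?, ?, ?, ?)",
        [
            (1, "downtown", 900, "2013-04-01", 0, 0, 1),
            (2, "uptown", 700, "2013-04-03", 0, 0, 1),
            (3, "midtown", 800, "2013-04-02", 1, 0, 1),  # deleted: must never show
            (4, "eastside", 600, "2013-04-04", 0, 1, 1),  # sold: must never show
        ],
    )
    return conn


def to_int(value) -> int:
    """Slide 10's is_numeric() check: accept only something that really is an integer."""
    if isinstance(value, bool):
        raise ValueError("boolean is not an integer")
    if isinstance(value, int):
        return value
    if isinstance(value, str) and value.strip().isdigit():
        return int(value)
    raise ValueError("expected an integer, got %r" % (value,))


def find_listings(conn, neighborhood=None, max_price=None, order_by=None) -> List[int]:
    """Build the listings query from request input without ever interpolating it."""
    sql = "SELECT id FROM listings WHERE deleted = 0 AND sold = 0 AND open = 1"
    params = []
    if neighborhood is not None:
        # String value: bound as a parameter (slide 8), so quotes in it are just data.
        sql += " AND neighborhood = ?"
        params.append(str(neighborhood))
    if max_price is not None:
        # Integer value: type-checked first, then still bound (slide 10).
        sql += " AND price <= ?"
        params.append(to_int(max_price))
    if order_by is not None:
        # Identifier: cannot be a bound parameter, so allow-list it (slide 13).
        if not isinstance(order_by, str) or order_by not in ALLOWED_ORDER_BY:
            raise ValueError("ORDER BY column not in allow-list: %r" % (order_by,))
        sql += " ORDER BY " + order_by
    return [row[0] for row in conn.execute(sql, params)]
```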

14 All that works great for the apps you control
BUT:
- If you don't have the source for an app, then you really can't be sure it is safe from SQL injection
- Or maybe you have to support old apps
- Or apps that were not developed rigorously
- What do we do in these cases?

15 Out-of-band SQL injection detection: SQL INJECTION DETECTION USING PT-QUERY-DIGEST

16 How to detect SQL injection?
- Most applications only do a small number of things: add orders, mark orders as shipped, update addresses, etc.
- The SQL patterns that identify these behaviors can be collected and whitelisted.
- Queries that don't match a known fingerprint may be investigated as SQL injection attempts

17 What is a query fingerprint?
- A query fingerprinting algorithm transforms a query into a form that allows like queries to be grouped together and identified as a unit
- In other words, these like queries share a fingerprint
- Even though the queries differ slightly, they still fingerprint to the same value
- This is a heuristic-based approach

18 Tools that support query fingerprints
Percona Toolkit tools:
- pt-query-digest: reads slow query logs and populates the whitelist table. Can also be used to display new queries that have not been marked as allowed.
- pt-fingerprint: takes a query (or queries) and produces fingerprints. Useful for third-party tools that want to use fingerprints.

19 What is a query fingerprint (cont.)

    select * from some_table where col = 3
      becomes
    select * from some_table where col = ?

    select * from some_table where col IN (1,2)
      becomes
    select * from some_table where col IN (?)

20 Query fingerprints expressed as hashes
pt-query-digest can provide short hashes (checksums) of fingerprints:

    select * from some_table where col = ?       982e5737f9747a5d  (... in base 10)
    select * from some_table where col IN (?)    2da8ed487cdfc1c8  (... in base 10)

21 pt-query-digest
- Normally used for profiling slow queries
- Has a SQL review feature for DBAs, designed to mark query fingerprints as having been reviewed
- This feature can be co-opted to discover new query fingerprints automatically
- New fingerprints are either new application code or SQL injection attempts

22 pt-query-digest review feature
- Need to store the fingerprints in a table
- Known good fingerprints will be marked as reviewed
- If pt-query-digest discovers new fingerprints you will be alerted, because there will be unreviewed queries in the table

23 pt-query-digest: review table initialization
Need to initialize the table:

    pt-query-digest /path/to/slow.log \
        --create-review-table \
        --review h=<host>,P=3306,u=percona,p=2un1c0rns,D=percona,t=whitelist \
        --sample 1 \
        --no-report

- --review DSN: where to store fingerprints (the host is elided on the slide; DSN keys are case-sensitive: P is the port, p the password, D the database)
- --no-report: don't print report
- --sample 1: don't waste time on stats

24 pt-query-digest command-line review

    pt-query-digest /path/to/slow.log \
        --review DSN \
        --sample 1 \
        --report \
        --limit 0

- --review DSN: how it knows which queries have already been reviewed
- --sample 1: don't collect stats, just sample one of each new fingerprint
- --report: display the report of queries
- --limit 0: ensure that all unreviewed queries are shown

25 USING THE WHITELIST WITH SQL

26 Detecting new query fingerprints

    -- Any new queries?
    SELECT count(*) FROM percona.whitelist WHERE reviewed_by IS NULL;

    -- Get a list of the queries
    SELECT checksum, sample FROM percona.whitelist WHERE reviewed_by IS NULL;

percona.whitelist is just an example name; you can use any you like.

27 Add a query fingerprint to the whitelist

    UPDATE percona.whitelist
       SET reviewed_by = 'allow', reviewed_on = now()
     WHERE checksum = ...;

28 Blacklist a query fingerprint
You might also explicitly blacklist a fingerprint:

    UPDATE percona.whitelist
       SET reviewed_by = 'deny', reviewed_on = now()
     WHERE checksum = ...;

29 Web interface for whitelist management
- The Noinject! project (discussed later) has a web interface that can be used to mark queries as reviewed
- It can be used both with the noinject.lua proxy script and with pt-query-digest

30 Out-of-band detection: LIMITATIONS AND CAVEATS

31 Out-of-band detection
- Some damage or information leakage may have already happened
- To limit the extent of the damage, send an alert as soon as a new pattern is detected
- Ensure thorough application pattern detection in a test environment to avoid false positives

32 Get logs as fast as possible
- Use tcpdump on a mirrored server port and pipe the output to pt-query-digest
- Use tcpdump on the database server: adds some additional overhead from running the tools on the same machine; possibly higher packet loss
- Collect and process slow query logs frequently: adds slow query log overhead to the server; longer delay before processing

33 What to do BEFORE a fishy fingerprint appears: FINDING THE VULNERABILITY

34 Prepare for finding a vulnerability
- Tracking down the vulnerable code fragment can be difficult if you have only the SQL statement
- Not just a problem with SQL injection, since it is usually convenient to see where a SQL statement was generated from

35 Add tracing comments to queries
- A good approach is to modify the data access layer (DAL) to add SQL comments
- Comments are preserved in the slow query log
- Comments are displayed in SHOW commands: SHOW ENGINE INNODB STATUS, SHOW PROCESSLIST
- Make sure your client does not strip comments!

36 Add tracing information
- PHP can use debug_backtrace(), for example
- Perl has variables that point to the file and line
- Investigate the debugging section of your language's manual

37 What to place in the comment
Here are some important things to consider placing into the tracing comment:
- session_id (or important cookie info)
- application file name and line number
- important GET, POST, PUT or DELETE contents
- Any other important information which could be useful for tracking down the vector being used in an attack

38 Example comments in SQL queries

    select airport_name, count(*)
      from dim_airport join ontime_fact on dest_airport_id = airport_id
     where depdelay > 30 and flightdate_id = /* webserver:...,file:show_delays.php,line:326,function:get_delayed_flights,user:justin,sessionid:7b7n2pcniokcgf */

This comment contains all that you need.
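The tracing-comment idea of slides 35 to 38 as an added example (not from the deck) in Python, where the inspect module takes the place of PHP's debug_backtrace(). The field names follow the slide 38 comment; tag_query, _clean, the "web01" default and the get_ prefix are assumptions. Request-derived values are sanitised first, because a "*/" inside a GET parameter copied verbatim into the comment would close the comment early and turn the rest of the value into SQL.

```python
import inspect
import os
import re
from typing import Mapping, Optional

# Anything that could close the comment early or break a one-line log entry.
_UNSAFE = re.compile(r"\*/|/\*|[\r\n\x00]")


def _clean(value) -> str:
    """Neutralise comment delimiters and control characters in a tagged value."""
    return _UNSAFE.sub("_", str(value))[:200]


def tag_query(sql: str, session_id: str, user: str = "",
              params: Optional[Mapping[str, str]] = None,
              webserver: str = "web01") -> str:
    """Append a slide-38 style /* ... */ comment naming the calling file,
    line and function (the caller is whoever invoked tag_query)."""
    caller = inspect.getframeinfo(inspect.currentframe().f_back)
    fields = [
        ("webserver", webserver),
        ("file", os.path.basename(caller.filename)),
        ("line", caller.lineno),
        ("function", caller.function),
        ("user", user),
        ("sessionid", session_id),
    ]
    # Request contents are the most useful and the least trusted part.
    for key, value in (params or {}).items():
        fields.append(("get_" + key, value))
    body = ",".join("%s:%s" % (_clean(k), _clean(v)) for k, v in fields)
    return sql + " /* " + body + " */"
```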

39 Most apps don't do this out of the box
- You can modify the application if you have the source code (and it uses a DAL)
BUT there isn't much you can do if:
- The application is closed source, or you can't change the source
- There is no DAL (code/query spaghetti)
- For any other reason it is problematic to inject information into all SQL queries

40 If I can't change the source?
- You can't fix the problems when you detect them.
- Consider using an open source solution
- Or consider in-band protection

41 In-band SQL injection detection: SQL INJECTION PREVENTION

42 In-band protection
- Using pt-query-digest to discover new query patterns is useful
- But it doesn't work in real time
- It can't block bad queries from actually executing

43 In-band protection
- What is needed is a man in the middle that inspects each query to ensure it matches an allowed fingerprint.
- MySQL Proxy can be used for this purpose

44 MySQL Proxy
- Supports Lua scripting for easy development
- Adds some latency to all queries
- Considered alpha quality, though for simple scripts it seems stable enough
- Fingerprinting and checking the database also adds latency: 3-5ms per query is to be expected

45 Noinject! The Lua script and PHP interface
- The Lua script for MySQL Proxy is pretty much drop-in. Just modify it to point to your database server and specify credentials and other options.
- The PHP script is similarly easy to configure. Drop it in a directory on an Apache box and modify the script to set the options.

46 The Lua proxy script: known queries
- By default the script will retrieve all known good fingerprints and cache them locally when the first query is received from a client
- Also by default, all queries that fail to pass the known whitelist check are logged in an exception table
- Both of these options can be changed easily

47 The Lua proxy script: known queries
- Each query is fingerprinted
- If the fingerprint is on the whitelist, the actual query is sent to the server
- If the query is not on the whitelist, the behavior varies depending on the proxy mode

48 Lua script: proxy mode
- permissive mode: records the SQL fingerprint into the whitelist table but does not mark it as reviewed; allows the query to proceed
- restrictive mode: records the SQL fingerprint into the whitelist table; returns an empty set for the query

49 Why use permissive mode?
- Permissive mode allows the collection of SQL fingerprints for an application dynamically
- Just run the application with a typical workload and the SQL queries will be recorded automatically
- Eventually switch to restrictive mode
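The whole whitelist loop of slides 17 to 20, 22 to 28 and 46 to 49 as one added example, which is neither the Noinject! Lua script nor pt-query-digest: a simplified fingerprint function (not pt-fingerprint's real algorithm), a checksum modelled on Percona Toolkit's convention (last 16 hex digits of the MD5 of the fingerprint, which pt-query-digest stores in base 10), an in-memory SQLite table standing in for the MySQL review table, and a Proxy object applying permissive or restrictive mode to fingerprints nobody has reviewed. The checksum format and the rule that an explicit 'deny' blocks in both modes are assumptions of this example.

```python
import hashlib
import re
import sqlite3
from datetime import datetime, timezone

# Simplified fingerprinting: drop comments, replace literals with ?, collapse
# IN lists and whitespace, lower-case. Enough to give like queries one shape.
_COMMENT = re.compile(r"/\*.*?\*/|--[^\n]*", re.S)
_STRING = re.compile(r"'(?:\\'|[^'])*'|\"(?:\\\"|[^\"])*\"")
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_IN_LIST = re.compile(r"\bin\s*\(\s*\?(?:\s*,\s*\?)*\s*\)")
_SPACES = re.compile(r"\s+")


def fingerprint(sql: str) -> str:
    """Map like queries (same shape, different literal values) to one string."""
    fp = _COMMENT.sub(" ", sql)
    fp = _STRING.sub("?", fp)
    fp = _NUMBER.sub("?", fp)
    fp = _SPACES.sub(" ", fp).strip().lower()
    return _IN_LIST.sub("in(?)", fp)


def checksum(fp: str) -> str:
    """Short hash of a fingerprint, modelled on Percona Toolkit's convention
    (last 16 hex digits of MD5; the real review table keeps it in base 10)."""
    return hashlib.md5(fp.encode()).hexdigest()[-16:].upper()


class Whitelist:
    """Stand-in for the review table that --create-review-table makes."""

    def __init__(self) -> None:
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(
            "CREATE TABLE whitelist (checksum TEXT PRIMARY KEY, fingerprint TEXT,"
            " sample TEXT, first_seen TEXT, reviewed_by TEXT, reviewed_on TEXT)"
        )

    def status(self, cs: str):
        """'allow', 'deny', or None when the checksum is unknown or unreviewed."""
        row = self.conn.execute(
            "SELECT reviewed_by FROM whitelist WHERE checksum = ?", (cs,)
        ).fetchone()
        return row[0] if row else None

    def record(self, cs: str, fp: str, sample: str) -> None:
        """Store a newly seen fingerprint with reviewed_by left NULL."""
        self.conn.execute(
            "INSERT OR IGNORE INTO whitelist (checksum, fingerprint, sample, first_seen)"
            " VALUES (?, ?, ?, ?)",
            (cs, fp, sample, datetime.now(timezone.utc).isoformat()),
        )

    def review(self, cs: str, verdict: str) -> None:
        """The UPDATE from slides 27 and 28: mark a checksum 'allow' or 'deny'."""
        self.conn.execute(
            "UPDATE whitelist SET reviewed_by = ?, reviewed_on = ? WHERE checksum = ?",
            (verdict, datetime.now(timezone.utc).isoformat(), cs),
        )

    def unreviewed(self):
        """The SELECT from slide 26: anything a human has not looked at yet."""
        return self.conn.execute(
            "SELECT checksum, sample FROM whitelist WHERE reviewed_by IS NULL"
        ).fetchall()


class Proxy:
    """Decision logic of the in-band check: 'forward' passes the query to the
    server, 'block' stands for the empty result set restrictive mode returns."""

    def __init__(self, whitelist: Whitelist, mode: str = "permissive") -> None:
        assert mode in ("permissive", "restrictive")
        self.whitelist = whitelist
        self.mode = mode

    def handle(self, sql: str):
        fp = fingerprint(sql)
        cs = checksum(fp)
        verdict = self.whitelist.status(cs)
        if verdict == "allow":
            return "forward", cs
        if verdict == "deny":
            return "block", cs  # assumption: an explicit blacklist wins in both modes
        # Unknown or not yet reviewed: record it so it shows up for review (slide 48).
        self.whitelist.record(cs, fp, sql)
        if self.mode == "permissive":
            return "forward", cs
        return "block", cs
```

Switching mode on a running Proxy mirrors slide 49: collect fingerprints permissively under a typical workload, review them, then go restrictive.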

50 PHP Web interface
(screenshot of the HTML interface: white- or black-list the fingerprint; columns: mode, query, sample, last action time with note)

51 If you want something prettier
This is open source, so if you want bug fixes or have feature requests:
- You can engage with Percona for development
- You can contribute!
- You can fork your own version

52 If the proxy overhead is too high
- You could develop the functionality in MySQL (too bad the parser is not pluggable)
- Try mysqlnd plugins: fingerprint queries in PHP, match them to a whitelist maintained in a serialized PHP array, reject queries that aren't approved
- Improve the proxy Lua script: the fingerprint process could probably be made faster

53 Percona Training Advantage
- This presentation and the Noinject! tool were created by Justin Swanhart, one of Percona's expert trainers
- Check out ... for a list of training events near you
- Request training directly by Justin or any of our other expert trainers by contacting your Percona sales rep today

54 Q/A


More information

IP Application Security Manager and. VMware vcloud Air

IP Application Security Manager and. VMware vcloud Air Securing Web Applications with F5 BIG- IP Application Security Manager and VMware vcloud Air D E P L O Y M E N T G U I D E Securing Web Applications Migrating application workloads to the public cloud

More information

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems

More information

Hardened Plone. Making Your Plone Site Even More Secure. Presented by: Nathan Van Gheem

Hardened Plone. Making Your Plone Site Even More Secure. Presented by: Nathan Van Gheem Hardened Plone Making Your Plone Site Even More Secure Presented by: Nathan Van Gheem Plone Security Flexible and granular ACL/roles-based security model of Zope All input in Plone is validated Plone does

More information

Oracle Forms Services Secure Web.Show_Document() calls to Oracle Reports

Oracle Forms Services Secure Web.Show_Document() calls to Oracle Reports Oracle Forms Services Secure Web.Show_Document() calls to Oracle Reports $Q2UDFOH7HFKQLFDO:KLWHSDSHU )HEUXDU\ Secure Web.Show_Document() calls to Oracle Reports Introduction...3 Using Web.Show_Document

More information

Securing and Accelerating Databases In Minutes using GreenSQL

Securing and Accelerating Databases In Minutes using GreenSQL Securing and Accelerating Databases In Minutes using GreenSQL Unified Database Security All-in-one database security and acceleration solution Simplified management, maintenance, renewals and threat update

More information

PHP on IBM i: What s New with Zend Server 5 for IBM i

PHP on IBM i: What s New with Zend Server 5 for IBM i PHP on IBM i: What s New with Zend Server 5 for IBM i Mike Pavlak Solutions Consultant mike.p@zend.com (815) 722 3454 Function Junction Audience Used PHP in Zend Core/Platform New to Zend PHP Looking to

More information

Black Hat Briefings USA 2004 Cameron Hotchkies cameron@0x90.org

Black Hat Briefings USA 2004 Cameron Hotchkies cameron@0x90.org Blind SQL Injection Automation Techniques Black Hat Briefings USA 2004 Cameron Hotchkies cameron@0x90.org What is SQL Injection? Client supplied data passed to an application without appropriate data validation

More information

Perl In Secure Web Development

Perl In Secure Web Development Perl In Secure Web Development Jonathan Worthington (jonathan@jwcs.net) August 31, 2005 Perl is used extensively today to build server side web applications. Using the vast array of modules on CPAN, one

More information

JOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City

JOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City JOOMLA SECURITY by Oliver Hummel ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City CONTACT Nicholas Butler 051-393524 089-4278112 info@irelandwebsitedesign.com Contents Introduction 3 Installation

More information

Role Based Access Control. Using PHP Sessions

Role Based Access Control. Using PHP Sessions Role Based Access Control Using PHP Sessions Session Developed in PHP to store client data on the web server, but keep a single session ID on the client machine (cookie) The session ID : identifies the

More information

Chapter 1 Web Application (In)security 1

Chapter 1 Web Application (In)security 1 Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may

More information

How To Install Amyshelf On Windows 2000 Or Later

How To Install Amyshelf On Windows 2000 Or Later Contents I Table of Contents Part I Document Overview 2 Part II Document Details 3 Part III Setup 4 1 Download & Installation... 4 2 Configure MySQL... Server 6 Windows XP... Firewall Settings 13 3 Additional

More information

Source Code Review Using Static Analysis Tools

Source Code Review Using Static Analysis Tools Source Code Review Using Static Analysis Tools July-August 05 Author: Stavros Moiras Supervisor(s): Stefan Lüders Aimilios Tsouvelekakis CERN openlab Summer Student Report 05 Abstract Many teams at CERN,

More information

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants

More information

MPP Manager Users Guide

MPP Manager Users Guide MPP Manager Users Guide Spam Quarantine and Email Archive Administration \ August, 2008 MPP Mable of Contents 1 About This Guide 4 1.1 MPP Manager Overview 4 1.2 Other Documentation 4 2 Mppserver MPP Manager

More information

Getting started with OWASP WebGoat 4.0 and SOAPUI.

Getting started with OWASP WebGoat 4.0 and SOAPUI. Getting started with OWASP WebGoat 4.0 and SOAPUI. Hacking web services, an introduction. Version 1.0 by Philippe Bogaerts Philippe.Bogaerts@radarhack.com www.radarhack.com Reviewed by Erwin Geirnaert

More information

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska Oracle Audit Vault and Database Firewall Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska The following is intended to outline our general product direction. It is intended for information

More information

Job Reference Guide. SLAMD Distributed Load Generation Engine. Version 1.8.2

Job Reference Guide. SLAMD Distributed Load Generation Engine. Version 1.8.2 Job Reference Guide SLAMD Distributed Load Generation Engine Version 1.8.2 June 2004 Contents 1. Introduction...3 2. The Utility Jobs...4 3. The LDAP Search Jobs...11 4. The LDAP Authentication Jobs...22

More information

WordPress Security Scan Configuration

WordPress Security Scan Configuration WordPress Security Scan Configuration To configure the - WordPress Security Scan - plugin in your WordPress driven Blog, login to WordPress as administrator, by simply entering the url_of_your_website/wp-admin

More information

Evaluation of Penetration Testing Software. Research

Evaluation of Penetration Testing Software. Research Evaluation of Penetration Testing Software Research Penetration testing is an evaluation of system security by simulating a malicious attack, which, at the most fundamental level, consists of an intellectual

More information

Threat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda

Threat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda Threat Modeling/ Security Testing Presented by: Tarun Banga Sr. Manager Quality Engineering, Adobe Quality Leader (India) Adobe Systems India Pvt. Ltd. Agenda Security Principles Why Security Testing Security

More information

LockoutGuard v1.2 Documentation

LockoutGuard v1.2 Documentation LockoutGuard v1.2 Documentation (The following graphics are screen shots from Microsoft ISA Server and Threat Management Gateway which are the property of Microsoft Corp. and are included here for instructive

More information

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp.

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp. and Top 10 (2007 Update) Dave Wichers The Foundation Conferences Chair dave.wichers@owasp.org COO, Aspect Security dave.wichers@aspectsecurity.com Copyright 2007 - The Foundation This work is available

More information

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Internet (In)Security Exposed Prof. Dr. Bernhard Plattner With some contributions by Stephan Neuhaus Thanks to Thomas Dübendorfer, Stefan

More information

Log Analyzer Reference

Log Analyzer Reference IceWarp Unified Communications Log Analyzer Reference Version 10.4 Printed on 27 February, 2012 Contents Log Analyzer 1 Quick Start... 2 Required Steps... 2 Optional Steps... 3 Advanced Configuration...

More information

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST. CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape

More information

Vulnerability Scan. January 6, 2015

Vulnerability Scan. January 6, 2015 Vulnerability Scan January 6, 2015 Results of Vulnerability Security Scan The results of your Ethos Info Vulnerability Security Scan are detailed below. The scan ran from Sat Dec 27 07:07:00 2014 UTC until

More information

Attack and Penetration Testing 101

Attack and Penetration Testing 101 Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing

More information

UQC103S1 UFCE47-20-1. Systems Development. uqc103s/ufce47-20-1 PHP-mySQL 1

UQC103S1 UFCE47-20-1. Systems Development. uqc103s/ufce47-20-1 PHP-mySQL 1 UQC103S1 UFCE47-20-1 Systems Development uqc103s/ufce47-20-1 PHP-mySQL 1 Who? Email: uqc103s1@uwe.ac.uk Web Site www.cems.uwe.ac.uk/~jedawson www.cems.uwe.ac.uk/~jtwebb/uqc103s1/ uqc103s/ufce47-20-1 PHP-mySQL

More information

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins During initial stages of penetration testing it is essential to build a strong information foundation before you

More information

CHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS

CHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS 66 CHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS 5.1 INTRODUCTION In this research work, two new techniques have been proposed for addressing the problem of SQL injection attacks, one

More information

Ruby on Rails Secure Coding Recommendations

Ruby on Rails Secure Coding Recommendations Introduction Altius IT s list of Ruby on Rails Secure Coding Recommendations is based upon security best practices. This list may not be complete and Altius IT recommends this list be augmented with additional

More information

G563 Quantitative Paleontology. SQL databases. An introduction. Department of Geological Sciences Indiana University. (c) 2012, P.

G563 Quantitative Paleontology. SQL databases. An introduction. Department of Geological Sciences Indiana University. (c) 2012, P. SQL databases An introduction AMP: Apache, mysql, PHP This installations installs the Apache webserver, the PHP scripting language, and the mysql database on your computer: Apache: runs in the background

More information

Oracle Forms Services Secure Web.Show_Document() calls to Oracle Reports Server 6i

Oracle Forms Services Secure Web.Show_Document() calls to Oracle Reports Server 6i Oracle Forms Services Secure Web.Show_Document() calls to Oracle Reports Server 6i $Q2UDFOH7HFKQLFDO:KLWHSDSHU 0DUFK Secure Web.Show_Document() calls to Oracle Reports Server 6i Introduction...3 solution

More information

Integrating VoltDB with Hadoop

Integrating VoltDB with Hadoop The NewSQL database you ll never outgrow Integrating with Hadoop Hadoop is an open source framework for managing and manipulating massive volumes of data. is an database for handling high velocity data.

More information

The release notes provide details of enhancements and features in Cloudera ODBC Driver for Impala 2.5.30, as well as the version history.

The release notes provide details of enhancements and features in Cloudera ODBC Driver for Impala 2.5.30, as well as the version history. Cloudera ODBC Driver for Impala 2.5.30 The release notes provide details of enhancements and features in Cloudera ODBC Driver for Impala 2.5.30, as well as the version history. The following are highlights

More information