SQL Injection Attacks: protecting ASP.NET applications with input validation, SQL parameters and a least-privileged database account




SQL Injection Attack

Summary

A SQL injection attack exploits weak input validation to run arbitrary SQL commands in the database. It happens when an application builds its SQL commands from user input, whether by concatenating the input into a dynamic SQL statement or by passing a string that contains raw user input to a stored procedure. The injected commands run with the permissions of the database account the application uses, so an over-privileged account turns a single injection into control of the whole database. The root cause is always the same: user data is treated as code.

Vulnerabilities that make an application exploitable:
- user input that is not validated for type, length, format and range;
- SQL statements assembled from that input without type-safe parameters;
- an over-privileged database login used by the application.

Countermeasures:
- constrain input;
- use type-safe SQL parameters for all data access;
- connect with a least-privileged database account.

How it works

Consider the login page of an application that connects to its database with an over-privileged account. The page takes a social security number (SSN) in a text box and looks the user up in the authors table. Instead of an SSN, the attacker types the string

    ' ; DROP DATABASE pubs --

Both of the following snippets are vulnerable, because each pastes SSN.Text straight into the command text. Calling a stored procedure does not help when the call itself is built by string concatenation.

    // Vulnerable: dynamic SQL built by string concatenation
    SqlDataAdapter mycommand = new SqlDataAdapter(
        "SELECT au_lname, au_fname FROM authors WHERE au_id = '" + SSN.Text + "'",
        myconnection);

    // Equally vulnerable: the stored procedure call is itself a concatenated string
    SqlDataAdapter mycommand = new SqlDataAdapter(
        "LoginStoredProcedure '" + SSN.Text + "'",
        myconnection);

With the input the developer expected, the command text sent to SQL Server is:

    SELECT au_lname, au_fname FROM authors WHERE au_id = '172-32-9999'

With the attacker's input it becomes:

    SELECT au_lname, au_fname FROM authors WHERE au_id = ''; DROP DATABASE pubs --'

Three pieces of SQL syntax do the work:

- The leading single quotation mark closes the string literal early, so au_id is compared with the empty string ''.
- The semicolon ends the current statement and starts a new one. SQL Server executes the whole command text as a batch, so the attacker can append any statement the database account is allowed to run: SELECT * FROM MyTable, DELETE FROM MyTable, or, as here, DROP DATABASE pubs.
- The double dash starts a SQL comment. The parser ignores everything after it, so the trailing quotation mark appended by the application code no longer causes a syntax error.

Countermeasures in detail

- Validate all input for type, length, format and range before it reaches the data access code.
- Use SQL parameters for all data access, with stored procedures and with dynamic SQL alike. Never build SQL command strings from user input. Parameter collections such as SqlParameterCollection provide type checking and length validation: the input is sent to SQL Server as a literal value, not as executable code, and a value of the wrong type triggers an exception. Check length in your own validation as well, because a string value longer than the declared parameter size is truncated by the provider rather than rejected.
- Restrict database permissions. Give the application's database account only what it needs, typically EXECUTE on the stored procedures it calls and no direct permissions on the tables.
- Do not reveal database error information to the user. Raw errors disclose the structure of the query and the schema, which is exactly what an attacker probing for injection needs. Log the detail and show a generic message.
- Protect sensitive data on the network with SSL (Secure Sockets Layer) or IP Security (IPSec), so that credentials and SSNs cannot be captured in transit.

The rest of this page walks through the three coding steps:

1. Constrain input.
2. Use parameters with stored procedures.
3. Use parameters with dynamic SQL.

Step 1. Constrain input

Validate every input to the ASP.NET application for type, length, format and range before it is used in a data access query. Decide which characters a field may legitimately contain and reject everything else (an allow list), rather than trying to enumerate the characters used in SQL injection. Regular expressions are the usual tool for this kind of validation.

Where to validate. Client-side validation improves the user experience by saving a round trip from the client to the server, but it is not a security control: an attacker can send any request directly to the server and bypass the client entirely. Server-side validation must always run, whatever the source of the input: an ASP.NET server control, a plain HTML input control, a cookie, a query string or a header.

If the input comes from ASP.NET server controls, use the ASP.NET validator controls such as RegularExpressionValidator and RangeValidator. For an SSN TextBox whose value must have the form 123-45-6789:

    <%@ language="c#" %>
    <form id="form1" runat="server">
        <asp:TextBox ID="SSN" runat="server" />
        <asp:RegularExpressionValidator ID="regexpSSN" runat="server"
            ErrorMessage="Incorrect SSN Number"
            ControlToValidate="SSN"
            ValidationExpression="^\d{3}-\d{2}-\d{4}$" />
    </form>

If the input comes from an HTML control, or from any other source such as a cookie, validate it in server-side code with the Regex class:

    using System.Text.RegularExpressions;

    // Cookies are untrusted input like any other; apply the same allow list
    if (Regex.IsMatch(Request.Cookies["SSN"].Value, @"^\d{3}-\d{2}-\d{4}$"))
    {
        // access the database
    }
    else
    {
        // handle the bad input
    }

Validate in library code too. Data access library code cannot assume its callers are trusted clients that already validated the data, so it should apply the same regular-expression checks before touching the database:

    using System;
    using System.Text.RegularExpressions;

    public void CreateNewUserAccount(string name, string password)
    {
        // Check that name contains only lower case or upper case letters,
        // the apostrophe, a dot, or white space, and that it is
        // between 1 and 40 characters long
        if (!Regex.IsMatch(name, @"^[a-zA-Z'.\s]{1,40}$"))
            throw new FormatException("Invalid name format");

        // Check that password contains at least one digit, one lower case
        // letter, one upper case letter, and that it is between 8 and 10
        // characters long
        if (!Regex.IsMatch(password, @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,10}$"))
            throw new FormatException("Invalid password format");

        // Perform data access logic (using type safe parameters)...
    }
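The same allow-list checks, as an added example that is not part of the original page: Python's re module stands in for the .NET Regex class, and the three patterns are the page's SSN, name and password expressions with their brace quantifiers restored. The sample inputs (the SSN, the page's payload, and an SSN with a trailing newline) are constructed for the demonstration. It also shows a caveat the page does not mention: in both Python and .NET the $ anchor matches before a trailing newline, so a "^...$" check accepts "172-32-9999\n"; fullmatch() (in .NET, the \z anchor) closes that hole.

```python
import re

# Added example, not from the page: the page's three allow-list patterns
# with their brace quantifiers restored, applied server-side. fullmatch()
# is used instead of '^...$' because '$' also matches just before a
# trailing newline, so an anchored pattern would accept "172-32-9999\n".
SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")
NAME_RE = re.compile(r"[a-zA-Z'.\s]{1,40}")          # the page's class; \s admits newlines
PASSWORD_RE = re.compile(r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,10}")


def matches_whole(pattern, value):
    """True only if the entire value matches the allow-list pattern."""
    return isinstance(value, str) and pattern.fullmatch(value) is not None


def anchored_ssn_ok(value):
    """The naive '^...$' check, kept only to show the trailing-newline hole."""
    return re.match(r"^\d{3}-\d{2}-\d{4}$", value) is not None


def is_valid_ssn(value):
    return matches_whole(SSN_RE, value)


def validate_new_account(name, password):
    """Server-side equivalent of the page's CreateNewUserAccount checks.
    Raises ValueError (the C# version throws FormatException) so that the
    data access logic never runs on rejected input."""
    if not matches_whole(NAME_RE, name):
        raise ValueError("Invalid name format")
    if not matches_whole(PASSWORD_RE, password):
        raise ValueError("Invalid password format")
    return True


def triage(values):
    """Split a batch of SSN inputs into (accepted, rejected) lists."""
    accepted = [v for v in values if is_valid_ssn(v)]
    rejected = [v for v in values if not is_valid_ssn(v)]
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate SSN, the page's payload, and
    # an SSN with a trailing newline that '^...$' lets through.
    samples = ["172-32-9999", "' ; DROP DATABASE pubs --", "172-32-9999\n"]
    print(triage(samples))
    print(anchored_ssn_ok("172-32-9999\n"), is_valid_ssn("172-32-9999\n"))
    print(validate_new_account("O'Brien", "Passw0rd"))
```

Note that the name pattern, taken from the page, deliberately allows the apostrophe: validation is about the field's legitimate format, and O'Brien is a legitimate name. That is exactly why validation cannot be the only defence and the parameters of steps 2 and 3 are still required.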

Step 2. Use parameters with stored procedures

Call stored procedures through the Parameters collection instead of building the call as a string. The input is then sent to SQL Server as a typed value of a declared maximum length, never as part of the command text:

    using System.Data;
    using System.Data.SqlClient;

    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        DataSet userDataset = new DataSet();
        SqlDataAdapter myCommand = new SqlDataAdapter("LoginStoredProcedure", connection);
        myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
        // Declare the parameter's type and maximum length (an SSN is 11 characters)
        myCommand.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);
        myCommand.SelectCommand.Parameters["@au_id"].Value = SSN.Text;
        myCommand.Fill(userDataset);
    }

Caution: a stored procedure is not safe merely because it is a stored procedure. If the procedure itself builds or executes SQL from its parameter, the injection simply moves inside the database. The following procedure executes whatever string it is handed:

    CREATE PROCEDURE dbo.RunQuery
        @var ntext
    AS
        exec sp_executesql @var
    GO

Passing the value DROP TABLE ORDERS; as the parameter drops the table, even though the call from the application was fully parameterized. Review stored procedures for EXEC and sp_executesql applied to values derived from their parameters. Where dynamic SQL inside a procedure cannot be avoided, hand the user values to sp_executesql as declared parameters of the inner statement rather than concatenating them into it.

Step 3. Use parameters with dynamic SQL

If you cannot use stored procedures, you can still use parameters with dynamic SQL. The parameter is a placeholder in the statement; its value is supplied separately and is never parsed as SQL:

    using System.Data;
    using System.Data.SqlClient;

    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        DataSet userDataset = new DataSet();
        SqlDataAdapter myDataAdapter = new SqlDataAdapter(
            "SELECT au_lname, au_fname FROM Authors WHERE au_id = @au_id", connection);
        myDataAdapter.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);
        myDataAdapter.SelectCommand.Parameters["@au_id"].Value = SSN.Text;
        myDataAdapter.Fill(userDataset);
    }

Parameters work in multi-statement batches as well. Each placeholder is declared with its own type and length, and the user's values cannot change the structure of either statement:

    using System.Data;
    using System.Data.SqlClient;
    ...
    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        SqlDataAdapter dataAdapter = new SqlDataAdapter(
            "SELECT CustomerID INTO #Temp1 FROM Customers " +
            "WHERE CustomerID > @custIdParm; SELECT CompanyName FROM Customers " +
            "WHERE Country = @countryParm and CustomerID IN " +
            "(SELECT CustomerID FROM #Temp1);", connection);
        SqlParameter custIdParm = dataAdapter.SelectCommand.Parameters.Add(
            "@custIdParm", SqlDbType.NChar, 5);
        custIdParm.Value = customerID.Text;
        SqlParameter countryParm = dataAdapter.SelectCommand.Parameters.Add(
            "@countryParm", SqlDbType.NVarChar, 15);
        countryParm.Value = country.Text;
        connection.Open();
        DataSet dataSet = new DataSet();
        dataAdapter.Fill(dataSet);
        ...
    }

Additional considerations

Escaping is not a substitute for parameters. If, as a last resort in legacy code, you must place user input inside a SQL string literal, neutralise the single quotation mark by doubling it:

    private string SafeSqlLiteral(string inputSQL)
    {
        return inputSQL.Replace("'", "''");
    }

This only protects a value that sits between single quotes. It does nothing for numeric or other unquoted contexts, for identifiers such as table or column names, or for LIKE wildcards, and it is easy to forget at one call site. Treat it as a stop-gap and move the code to parameters.

Use a least-privileged database account. The ASP.NET application should not connect as sa or as a database owner. Grant its account EXECUTE on the stored procedures it needs and no direct SELECT, INSERT, UPDATE or DELETE permission on the tables. A successful injection is then limited to what those procedures already allow, rather than the DROP DATABASE of the example above.

In summary: (1) constrain input, (2) use parameters with stored procedures, (3) use parameters with dynamic SQL.
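The attack from the "How it works" section and the limits of SafeSqlLiteral, as one added example that is not part of the original page. SQLite and Python's sqlite3 module stand in for SQL Server and ADO.NET; the authors table, its two rows and the royalty column are constructed for the demonstration. executescript() runs the whole string as a batch, the way SQL Server runs concatenated command text, so the page's payload (aimed here at a table instead of the pubs database) drops the table through the concatenated query, while the parameterized query treats it as an ordinary, non-matching value. The second half shows why quote-escaping is not enough: in an unquoted numeric context there is no quote to double, and "0 OR 1=1" is still parsed as SQL.

```python
import sqlite3

# Added example, not from the page. SQLite stands in for SQL Server; the
# table, rows and the numeric royalty column are constructed for the demo.
SCHEMA = """
CREATE TABLE authors (
    au_id    TEXT PRIMARY KEY,   -- the SSN-style key the page's query filters on
    au_lname TEXT,
    au_fname TEXT,
    royalty  INTEGER             -- an unquoted (numeric) column for the escaping test
);
INSERT INTO authors VALUES ('172-32-9999', 'White', 'Johnson', 10);
INSERT INTO authors VALUES ('213-46-8915', 'Green', 'Marjorie', 20);
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def build_dynamic(ssn):
    """The page's dynamic SQL: user text is pasted straight into the statement."""
    return "SELECT au_lname, au_fname FROM authors WHERE au_id = '" + ssn + "'"


def lookup_dynamic(conn, ssn):
    """Vulnerable. executescript() runs the text as a batch (as SQL Server does),
    so ';' starts a second statement and '--' comments out the trailing quote.
    Returns nothing: the point is the side effect on the database."""
    conn.executescript(build_dynamic(ssn))


def safe_sql_literal(s):
    """Port of the page's SafeSqlLiteral: doubles single quotes, nothing else."""
    return s.replace("'", "''")


def lookup_escaped(conn, ssn):
    """Quoted context with escaping: the payload becomes one harmless literal."""
    sql = ("SELECT au_lname, au_fname FROM authors WHERE au_id = '"
           + safe_sql_literal(ssn) + "'")
    return conn.execute(sql).fetchall()


def royalty_escaped(conn, royalty_text):
    """Unquoted numeric context with escaping: there is no quote to double,
    so safe_sql_literal changes nothing and the input is still parsed as SQL."""
    sql = "SELECT au_id FROM authors WHERE royalty = " + safe_sql_literal(royalty_text)
    return [r[0] for r in conn.execute(sql).fetchall()]


def lookup_param(conn, ssn):
    """Parameterized: the driver sends the value as data, never as SQL text."""
    return conn.execute(
        "SELECT au_lname, au_fname FROM authors WHERE au_id = ?", (ssn,)
    ).fetchall()


def royalty_param(conn, royalty_text):
    """Type-safe parameter, the equivalent of SqlDbType.Int: convert first, so
    non-numeric input is rejected (ValueError) before any SQL is built."""
    royalty = int(royalty_text)
    return [r[0] for r in conn.execute(
        "SELECT au_id FROM authors WHERE royalty = ?", (royalty,)
    ).fetchall()]


if __name__ == "__main__":
    payload = "' ; DROP TABLE authors --"   # the page's payload, aimed at a table
    conn = make_db()
    print(build_dynamic(payload))
    print(lookup_param(conn, payload), lookup_escaped(conn, payload))
    print(royalty_escaped(conn, "0 OR 1=1"))     # every row: escaping did not help
    lookup_dynamic(conn, payload)
    print(table_exists(conn, "authors"))         # False: the table is gone
```

The order of the calls matters when you run it: lookup_dynamic() is last because once it has executed, the authors table no longer exists and every later query fails.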

Reference: http://msdn.microsoft.com/