An in-depth analysis of SQL injection, a common web application security vulnerability. It covers the background of SQL injection, its techniques and examples, prevention methods, and a demonstration. The authors also discuss the dangerous effects of SQL injection and ways to prevent it through input validation, permissions and access rights, variable placeholders, and stored procedures.
Outline
- Background of SQL Injection
- Techniques and Examples
- Preventing SQL Injection
- Demo
Databases: Where are they now?
(Slide table: Desktop Apps, Web Apps and Mainframes, each marked against one of the architectures Fat Server & Fat Client, Fat Server, Fat Client; the marks themselves did not survive extraction.)
Why is SQL a standard?
- Relational Database
- Platform Independence
- Loose Semantics
- Runtime Interpretation
Example: Database Schema
- Table Users (column listing not preserved in the extraction)
Modifying Records
- Application has a password changing page
- SQL: update users set password = '{newpassword}' where username = '{username}'
- Input (newpassword field): newpassword' where username like '%admin%' --
- Resulting statement: update users set password = 'newpassword' where username like '%admin%' --' where username = '{username}'
  The attacker's quote closes the string literal, the injected WHERE clause retargets the update to every account matching admin, and the SQL comment marker (--) discards the application's original WHERE clause. The victim's own username is never consulted.
MS SQL Server (Demo)
- Set up SQL Server with default settings
Preventing SQL Injection
- Input Validation
- Input Checking Functions
- Access Rights
- User Permissions
- Variable Placeholders
- Stored Procedures
Input Checking Functions
- Built-in character rejection (escaping)
- Vulnerable: the request parameter is concatenated straight into the query

    $sql = "SELECT * FROM Users WHERE ID = '" . $_GET['id'] . "'";

- Escaped: the quote characters in the parameter are escaped before concatenation, and the escaped value must itself sit inside quotes, otherwise a payload containing no quote (for example 1 OR 1=1) passes through the escaping function unchanged

    $sql = "SELECT * FROM Users WHERE ID = '" . mysql_real_escape_string($_GET['id']) . "'";
    $result = mysql_query($sql);

  Caveat: mysql_real_escape_string and mysql_query belong to the mysql extension, which was deprecated in PHP 5.5 and removed in PHP 7.0; current code uses mysqli or PDO, and preferably placeholders (next slides) rather than escaping.
Access Rights
- Web User vs. System Administrator ('sa')
- The application should connect with a dedicated low-privilege account that can only read and write the tables it needs; if it connects as 'sa', a single injection yields full control of the server rather than of one table.
Variable Placeholders
- Defense from string concatenation: the SQL text is sent to the server with placeholders, and the values travel separately, so a value can never be parsed as SQL
- Enforcing database data types: a placeholder bound to an integer column rejects non-numeric input instead of splicing it into the statement
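The three slides above (Modifying Records, Input Checking Functions, Variable Placeholders) can be run end to end against an in-memory database. The following is an added example and not code from the slides: it uses Python's sqlite3 module in place of MS SQL Server or PHP's mysql extension, a constructed Users table whose columns (id, username, password) are an assumption since the slides only name the table, and a quote-doubling helper that stands in for mysql_real_escape_string (it is SQLite's escaping rule, not the same function). It replays the slide's exact password-change payload against the concatenated and the parameterized versions, and shows why escaping only helps when the escaped value is quoted.

```python
import sqlite3

# Constructed in-memory stand-in for the slides' Users table.
# The page only names the table; the columns are an assumption.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "admin-pw"), ("alice", "alice-pw"), ("bob", "bob-pw")],
    )
    conn.commit()
    return conn


def passwords(conn):
    """Snapshot of username -> password, used to observe what each update did."""
    return dict(conn.execute("SELECT username, password FROM users"))


# --- Modifying Records: string concatenation, exactly as on the slide ---
def change_password_vulnerable(conn, username, newpassword):
    sql = ("update users set password = '" + newpassword
           + "' where username = '" + username + "'")
    # The attacker's closing quote and trailing '--' comment reshape the statement;
    # whatever the application appended after the injected text is commented out.
    conn.execute(sql)
    conn.commit()
    return sql


# --- Variable Placeholders: values travel separately from the SQL text ---
def change_password_safe(conn, username, newpassword):
    conn.execute(
        "update users set password = ? where username = ?", (newpassword, username)
    )
    conn.commit()


# --- Input Checking Functions: escaping only protects a quoted literal ---
def escape_sql_string(value):
    # Doubling single quotes is how SQLite escapes a string literal.
    # Stand-in for mysql_real_escape_string; not the same function.
    return value.replace("'", "''")


def lookup_escaped_unquoted(conn, user_id):
    # Mirrors the slide's second PHP snippet: escaped but not quoted.
    # A payload with no quote character, e.g. "1 OR 1=1", is untouched.
    sql = "SELECT username FROM users WHERE id = " + escape_sql_string(user_id)
    return [row[0] for row in conn.execute(sql)]


def lookup_escaped_quoted(conn, user_id):
    # Same escaping, but the value sits inside quotes, so the whole
    # attacker string is one literal and never becomes SQL syntax.
    sql = "SELECT username FROM users WHERE id = '" + escape_sql_string(user_id) + "'"
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    payload = "newpassword' where username like '%admin%' --"   # from the slide

    db = make_db()
    print(change_password_vulnerable(db, "alice", payload))
    print(passwords(db))   # admin's password is now 'newpassword'; alice untouched

    db = make_db()
    change_password_safe(db, "alice", payload)
    print(passwords(db))   # alice's password is the literal payload; admin untouched

    print(lookup_escaped_unquoted(make_db(), "1 OR 1=1"))   # every user
    print(lookup_escaped_quoted(make_db(), "1 OR 1=1"))     # no match
    print(lookup_escaped_quoted(make_db(), "1' OR '1'='1")) # no match
```

Running the script shows the point of the Variable Placeholders slide directly: with the concatenated query the injected text rewrites the statement and the admin account's password changes, while with placeholders the same input is stored verbatim as alice's new password and nothing else moves. The two lookup functions show that an escaping function is only a fix when the developer also quotes the value, which is why placeholders are the preferred defense.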
Stored Procedures
- Use error checking variables
- Buffer direct database access: the application calls a procedure with typed parameters instead of building SQL text itself