Types of SQL Injection
- Query Modification.
- Union Attack.
- Stacked Queries.
Query Modification
The attacker modifies the original query and then Ignores the rest of the original by adding – at the end of their addition to comment it out.
Union Attack
The attacker creates a UNION with an existing query that returns results from their query mixed with results of a legitimate query.
Stacked Queries
The attacker ends the original query with a ; and then appends their own query onto the original.
Preventing SQL Injection
- Parameterized Queries.
- Input Validation.
- Limit Database User Privileges.
Preventing SQL Injection
- Parameterized Queries.
- Input Validation.
- Limit Database User Privileges.
Parameterized Queries
The single most effective thing you can do to prevent SQL injection is to use parameterized queries. If this is done consistently, SQL injection will not be possible.
Input Validation
Limiting the data that can be input by a user can certainly be helpful in preventing SQL Injection, but is by no means effective prevention by itself.
Limit Database User Privileges
A web application should always use a database user to connect to the database that has as few permissions as necessary.
Hash Function
Is one that can map input data of arbitrary size to a fixed size output.
Hashing characteristics
Hashing is 1-way, meaning that once data is hashed, the hash cannot be reversed back into the original data
Salt
Is a fixed-length cryptographically-strong random value that is added to a password as input to a hash function..
Encryption
is the most effective way to achieve data security. When data is sent between two parties or stored, it is stored in an encrypted non-human readable format that requires the key to properly decrypt and understand.
Encrypting Data at Rest
- Data at rest can use a form of encryption called symmetric key encryption.
- Requires both parties to use the key to encrypt and decrypt data.
- Any party possessing the key can read the data.
- Has difficulties securing the symmetric key amongst multiple parties.
Securing Data in Transit
- Data in transit can use a form of encryption called asymmetric key encryption.
- Uses a Private and Public Key.
- Any party can be sent the public key. It can encrypt the data, but not decrypt it.
- Only the key owner has the private key. It can decrypt data encrypted by the public key.
- Has difficulties securing the symmetric key amongst multiple parties.
Asymmetric Encryption Common Usages
- Communication/Network Security: Digital Certificates.
- Web: HTTPS (SSL (Secure Socket Layer) /TLS (Transport Layer Security) ).
- Java: Bouncy Castle.
Communication/Network Security Asymmetric Encryption
Normally a paid subscription
OpenSSL - Open Source / Free Certificates
http://dashboard.techelevator.com vs https://dashboard.techelevator.com
Web Asymmetric Encryption
HTTPS Everywhere Project - movement to make all communication on the internet encrypted using OpenSSL.
Java Asymmetric Encryption
An open-source library that provides asymmetric encryption for Java.
Man In The Middle Attack
Performed by a local malicious network connection, for example, in a coffee shop or hotel.
Man In The Middle Attack characteristics
- Attacker provides a fake wifi connection.
- Victim connects and establishes a secure connection with the fake wifi connection.
- The attacker establishes a secure connection on behalf of the victim to the intended destination.
- Communication then transmits encrypted from the user to the attacker’s device and from the attacker’s device to the destination but is unencrypted while on the attacker’s device.
-
Databases41
-
Ordering, Groups, and Functions2
-
Keys, Join, and Union20
-
Insert, Update, Delete, RI, and Constraints20
-
Database Design13
-
Database Connectivity - DAO21
-
Integration Testing19
-
Data Security21
-
Server32
-
HTTP Web Services requests GET, POST, PUT, DELETE14
-
Server Side APIs13
-
Authentication18
