Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Protecting Your Web Site From SQL Injection & XSS
Ähnlich wie Protecting Your Web Site From SQL Injection & XSS (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Protecting Your Web Site From SQL Injection & XSS
- 1. Protecting Your Web Site From SQL Injection & XSS This year, over 500,000 web pages were defaced by a malicious SQL Injection… Chris Kenworthy </dream.in.code>® August 27, 2008
- 3. What is SQL? Structured Query Language Used to retrieve and manage data in relational databases Chances are your organization is using SQL Example: SELECT firstName, lastName FROM users WHERE userID = ‘chris’;
- 4. What is a SQL Injection? A common security vulnerability Occurs when unfiltered input is executed Easily prevented Example of Vulnerability: http://www.example.com/login.php?UserID=chris SELECT firstName, lastName FROM users WHERE userID = ‘” + $UserID + “’
- 5. Example of an Attack Original Query: SELECT firstName, lastName FROM users WHERE userID = ‘” + $UserID + “’; Set $UserID to: nobody’ OR ‘a’ = ‘a Result: SELECT firstName, lastName FROM users WHERE userID = ‘nobody’ OR ‘a’ = ‘a’;
- 6. The Impact Query always returns true Attacker authenticates as first user in database Possible Impacts: False authentication Permissions escalation Information disclosure Identity theft More…
- 7. Example of an Attack Original Query: SELECT firstName, lastName FROM users WHERE userID=‘” + $UserID + “’; Set $UserID to: x’; DROP TABLE users; -- Result: SELECT firstName, lastName FROM users WHERE userID=‘x’; DROP TABLE users;--’;
- 8. The Impact Attacker deletes entire users table! Possible Impacts: Loss of data Data manipulation Data insertion Virus/Malware distribution Total database destruction More…
- 9. Preventing SQL Injection Sanitize the input Enforce data types (i.e. numeric, string, etc.) Use parameterized statements Use stored procedures Limit permissions Install an application firewall (my favorite) Apache: mod_security (w/ Core Rules) IIS: URLScan 3.0 (Beta)
- 11. What is XSS? XSS (Cross Site Scripting) Allows execution of arbitrary code Often involves tricking the end user Over 70% of web sites may be vulnerable Example: <<SCRIPT>alert("XSS");//<</SCRIPT>
- 12. How Does XSS Work? Scenario 1: You get an email with a URL that looks like this: http://www.domain.com/index.php?userid =%3C%3C%53%43%52%49%50%54%3E%61%6C%65%72%7 You click it and the web page outputs the userid variable resulting in this:
- 13. How Does XSS Work? Scenario 2: There is a comment form on a web page. You paste this string in to the form: <<SCRIPT>alert("XSS");//<</SCRIPT> Now every user that visits that page will see this:
- 14. Why Does It Work? Inputs are displayed as HTML instead of character entities: Cookies are not secured Sessions can be hijacked
- 15. The Impact of XSS Identify Theft Malware Session Hijacking User impersonation Redirection Misinformation
- 16. Preventing XSS Attacks Convert all inputs to HTML character entities before outputting to the screen Secure cookies using the httpOnly attribute Associate sessions with IP addresses Install an application firewall (again, my favorite) Educate users! Don’t click links in emails you don’t recognize Don’t fill out forms from links in emails
- 17. Resources Scrawlr – Find SQL injection vulnerabilities in your site Mod_security – Web application firewall (Apache) URLScan – Web application firewall (IIS) XSS Examples
- 18. Closing Thoughts If you have a web site, you will be attacked Don’t trust developers to secure their code Use an application firewall if possible Be proactive
- 19. Questions? Comic from XKCD: http://xkcd.com/327/