Lecture Topic: SQL attacks
[Slides](https://lms.unb.ca/d2l/le/content/231513/viewContent/2617915/View)
## Inferential attack
In an inferential attack, no data is transferred directly; instead, the attacker reconstructs information by sending particular requests and observing the behavior of the website or database.

Examples include:
- Illegal/logically incorrect queries: This lets the attacker gain information by observing the behavior of the backend system. Even error codes can often give the attacker information about vulnerable/injectable
- Blind SQL injection: This attack lets the attacker infer data present on the server by noticing differences in the result of the injection. An example would be the difference between the response when the injected condition is true and when it is false; the difference could be a result code, an empty response, or the result strings.
## Out-of-band attack

This is a type of attack in which the attacker receives information through a separate channel, such as an email containing the data. It can happen when a system's outbound connectivity is lax.
# SQL injection countermeasures
Generally, there are three types of countermeasures:
## Defensive Coding
Here are a few defensive coding techniques:

- Manual defensive coding practices such as type checking (for example, only allowing alphanumeric characters in a username)
- Parameterized query inspection: by specifying the structure of a query in advance, we can inspect the contents of the input and prevent the parameters from affecting the structure of the query itself
- SQL DOM: a way to perform automatic data validation and escaping by providing a standard structure for database queries
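As an added example (not from the lecture or its slides), the following Python script contrasts a string-concatenated login query with its parameterized form and applies the alphanumeric username check described above. The in-memory sqlite3 database, the `users` table and the sample row are constructed for the demonstration.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory sample database (not part of the lecture).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn

def lookup_vulnerable(conn, username, password):
    # Vulnerable: input is concatenated into the SQL text, so it can change
    # the structure of the query rather than just supplying values.
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, username, password):
    # Hardened: the query structure is fixed up front and the driver binds
    # the inputs as data, so quotes or keywords in them cannot alter it.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

USERNAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")

def username_is_valid(username):
    # Manual type check from the lecture: only alphanumeric usernames pass.
    return USERNAME_RE.fullmatch(username) is not None

def demo():
    conn = make_db()
    results = {}
    # An ordinary apostrophe produces an illegal query: the concatenated
    # version raises a database error (which can leak details to an
    # attacker), while the bound version simply finds no matching row.
    try:
        lookup_vulnerable(conn, "O'Brien", "pw")
        results["vuln_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["vuln_apostrophe"] = "error"
    results["param_apostrophe"] = lookup_parameterized(conn, "O'Brien", "pw")
    # A tautology in the password field makes the concatenated WHERE clause
    # always true; with binding it is just an incorrect password.
    bad_pw = "' OR '1'='1"
    results["vuln_tautology"] = lookup_vulnerable(conn, "alice", bad_pw)
    results["param_tautology"] = lookup_parameterized(conn, "alice", bad_pw)
    results["username_check"] = (username_is_valid("alice"),
                                 username_is_valid("O'Brien"))
    return results
```

Running `demo()` shows the two failure modes the lecture lists (an error-producing illegal query and a logic-altering injection) disappearing once the query structure is fixed and inputs are bound as parameters.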
## Detection