Lecture Topic: SQL attacks
Inferential attack:
In an inferential attack, there is no transfer of data, but the attacker is able to reconstruct information by sending particular requests and observing the behavior of the website or database. Examples include:
- Illegal/logically incorrect queries: This lets the attacker gain information by observing the behavior of the backend system. Even error codes can often give the attacker information about vulnerable/injectable
- Blind SQL injection: This attack allows the attacker to infer data present on the server by noticing differences in the result of the injection. An example would be the difference between a request whose injected condition is true and one whose injected condition is false; the difference could be a result code, an empty response, or result strings.
Out of band attack:
This is a type of attack where the attacker receives information through another method, like an email containing data. This can happen when the outbound connectivity of a system is lax.
SQL injection countermeasures
Generally, there are three types of countermeasures.
Defensive Coding
Here are a few defensive coding techniques:
- Manual defensive coding practices like type checking (only allow alphanumeric characters in username)
- Parameterized query inspection: by specifying the structure of a query, we can inspect the contents of input and not allow the parameters to affect the structure of the query itself.
- SQL DOM is a way to do automatic data validation and escaping by providing a standard structure to database queries.
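
The first two techniques, shown as an added example that is not part of the original lecture notes. It contrasts a string-concatenated lookup, where a true and a false injected condition give different results (the signal blind injection relies on), with a parameterized query and an alphanumeric type check. The `users` table, its rows, the function names and the 32-character limit are assumptions made for the demo.

```python
import re
import sqlite3

# Type check: allow only alphanumeric usernames (length limit is an assumption).
USERNAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def make_db():
    # Constructed in-memory table used only for this demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db


def lookup_concat(db, name):
    # 'Before' form: input is pasted into the SQL text, so a quote in the
    # input can change the structure of the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_param(db, name):
    # Structure is fixed up front; the driver binds `name` purely as a value.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]


def lookup_checked(db, name):
    # Type check first, then the parameterized query.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("username must be alphanumeric")
    return lookup_param(db, name)


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: same shape, one true condition and one false.
    for value in ("x' OR '1'='1", "x' OR '1'='2", "alice"):
        print(repr(value))
        print("  concatenated :", lookup_concat(db, value))
        print("  parameterized:", lookup_param(db, value))
        try:
            print("  type-checked :", lookup_checked(db, value))
        except ValueError as exc:
            print("  type-checked : rejected,", exc)
```

With the parameterized form, both constructed inputs are compared as literal usernames and return the same empty result, so the response no longer differs between the true and false conditions.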