Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Questions a) Explain, in your own words, the vulnerabilities that lead to succes

ID: 3674440 • Letter: Q

Question

Questions

a) Explain, in your own words, the vulnerabilities that lead to successful SQL injection attacks.

b) Explain, in your own words, the common pitfalls that developers fall into when trying to prevent SQL injection attacks (i.e. what doesn’t work, and why).

c) Describe the three solutions that do help prevent injection attacks and how they work.   Do any of these need to work together for a defense in depth solution?

d) Describe the problems and solutions associated with insecure direct object reference vulnerabilities.

Explanation / Answer

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[SQL injection must exploit asecurity vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literalescape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server

An SQL Injection can destroy your database.

a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.[2] This practice generally refers to software vulnerabilities in computing systems.

A security risk may be classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability — a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled

when trying to prevent SQL injection attacks

SQL injection  

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.

Injected SQL commands can alter SQL statement and compromise the security of a web application.

A smart hacker might get access to user names and passwords in a database by simply inserting " or ""=" into the user name or password text box.

Parameters for Protection

Some web developers use a "blacklist" of words or characters to search for in SQL input, to prevent SQL injection attacks.

This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks), are used in common language, and should be allowed in many types of input.

(In fact it should be perfectly legal to input an SQL statement in a database field.)

The only proven way to protect a web site from SQL injection attacks, is to use SQL parameters.

SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.

Defending Against SQL Injection Attacks

The good news is that there actually is a lot that web site owners can do to defend against SQL injection attacks. Although there is no such thing as a 100 percent guarantee in network security, formidable obstacles can be placed in the path of SQL injection attempts.

1. Comprehensive data sanitization. Web sites must filter all user input. Ideally, user data should be filtered for context. For example, e-mail addresses should be filtered to allow only the characters allowed in an e-mail address, phone numbers should be filtered to allow only the characters allowed in a phone number, and so on.

2. Use a web application firewall. A popular example is the free, open source module ModSecurity which is available for Apache, Microsoft IIS, and nginx web servers. ModSecurity provides a sophisticated and ever-evolving set of rules to filter potentially dangerous web requests. Its SQL injection defenses can catch most attempts to sneak SQL through web channels.

3. Limit database privileges by context. Create multiple database user accounts with the minimum levels of privilege for their usage environment. For example, the code behind a login page should query the database using an account limited only to the relevent credentials table. This way, a breach through this channel cannot be leveraged to compromise the entire database.

4. Avoid constructing SQL queries with user input. Even data sanitization routines can be flawed. Ideally, using SQL variable binding with prepared statements or stored procedures is much safer than constructing full queries.

'Insecure Direct Object References'?

The best way to find out if an application is vulnerable to insecure direct object references is to verify that all object references have appropriate defenses. To achieve this, consider:

Code review of the application can quickly verify whether either approach is implemented safely. Testing is also effective for identifying direct object references and whether they are safe. Automated tools typically do not look for such flaws because they cannot recognize what requires protection or what is safe or unsafe.

How Do I Prevent 'Insecure Direct Object References'?

Preventing insecure direct object references requires selecting an approach for protecting each user accessible object (e.g., object number, filename):

Related Questions

Questions Could this experiment have been done in a different order? For example
Question #1081238
Questions Electrocardiogranm 1. WhatcausesthePwaveoftheECG? 2. What causes the Q
Question #3514295
Questions Example | Record the Debits and Credits in table to right. Use tables
Question #2548789
Questions Example | Record the Debits and Credits in table to right. Use tables
Question #2548852
Questions Exercise 06.07 Algorithmic « Question 2 of 6 > Check My Work O {Exerci
Question #3312341
Questions Exercise 7-14 Question 3 ofS Check My Work 2. 3. eBook Exercise 7-14 P
Question #2818940
Questions Experiment 13 Name Lab Acid Base titration 1. If the titration of 25.0
Question #1026634
Questions Explain how aniline is a base. Then explain how acetanilide is not bas
Question #927961

Navigate

Previous
Questions a) Explain, in your own words, the vulnerabilities that lead to succes
Next
Questions a, b, and c 4. Suppose you\'re running a lightweight consulting busine

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.