PPT-1 SQL injection: attacks and defenses

Author : SassyStarlet | Published Date : 2022-08-02

Dan Boneh, CS 142, Winter 2009. Common vulnerabilities. SQL Injection: Browser sends malicious input to server. Bad input checking leads to malicious SQL query. XSS


1 SQL injection: attacks and defenses: Transcript


Dan Boneh, CS 142, Winter 2009.

Common vulnerabilities:
SQL Injection: Browser sends malicious input to server. Bad input checking leads to malicious SQL query.
XSS (cross-site scripting): Bad web site sends innocent victim a script that steals information from an honest web site.
