Web Application Penetration Testing Using SQL Injection Attack
Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013.
Transcript of Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013.
Hands-on SQL Injection Attack and Defense
Winter ICT Educator Conference
Jan. 3-4, 2013
Bio
How Important is SQL Injection?
• SQL injection continues to reign as hackers' most consistently productive technique for stealing massive dumps of sensitive information within corporate databases.
• In fact, according to analysis done by database security firm Imperva of breach events between 2005 and July of this year, 82 percent of lost data due to hacking was courtesy of SQL injection.
• http://www.darkreading.com/database-security/167901020/security/news/240006491/hacktivists-continue-to-own-systems-through-sql-injection.html
• http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-to-sql-injection/
• In 2008 SQL injection became the leading method of malware distribution.
• 16 percent of websites are vulnerable to SQL injection.
• http://jeremiahgrossman.blogspot.com/2009/02/sql-injection-eye-of-storm.html
Are You Vulnerable?
Example SQL Injection Vulnerability
The Commands Used to Steal the Data
Data Breach
Hands-On SQL Injection Project
• http://samsclass.info/124/proj11/SQLi-MPICT.htm
Series of Projects