WASP: WEB APPLICATION SQL INJECTION PREVENTER
SQL INJECTION ATTACK : SQL injection vulnerabilities are caused by inadequate input validation.
Successful SQLIAs can give attackers access to the databases that underlie Web applications.
SAMPLE SQLIA : SELECT * FROM accountTable WHERE username = 'ADMIN'--' AND password = 'anything'
MAIN VARIANTS OF SQLIA : Tautologies
Union Queries
Leveraging Stored Procedures
Piggybacked Queries
Malformed Queries
Inference
Alternate Encodings
Existing System : Defensive Coding Practices
Static Analyses
Traditional Tainting (or Negative Tainting)
DISADVANTAGES OF DEFENSIVE CODING : It is difficult to implement
It addresses only a subset of the possible attacks
The cost and complexity of retrofitting existing code
DISADVANTAGES OF STATIC ANALYSES : Generate high rates of false positives
Cannot find vulnerabilities introduced at run time
Time consuming, if conducted manually
DISADVANTAGES OF TRADITIONAL TAINTING : Incompleteness
Incompleteness leads to false negatives.
Incompleteness may thus leave the application vulnerable to attacks
PROPOSED SYSTEM : Positive Tainting
Taint Propagation
Character Level Tainting
String Manipulation
Syntax-Aware Evaluation
POSITIVE TAINTING : Taint marking is applied to the trusted data, that is, the data that is already known to be trusted
e.g.: SELECT, FROM, UNION
These keywords are said to be trusted data
TAINT PROPAGATION : We track taint information at the character level rather than at the string level.
This is because SQL queries are constantly broken into substrings and then manipulated.
SYNTAX-AWARE EVALUATION : The technique then iterates through the tokens and checks whether tokens (that is, substrings) other than literals contain only trusted data.
If all such tokens pass this check, the query is considered safe and is allowed to execute.
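Positive tainting, character-level propagation and syntax-aware evaluation, applied together to the sample login query. This is an added example, not WASP's own code. The names `MarkedStr`, `trusted`, `untrusted`, `is_safe` and `login_query` and the simplified SQL lexer are assumptions made for illustration.

```python
import re

class MarkedStr:
    """A string with one trust mark per character (character-level tainting)."""
    def __init__(self, text, marks):
        self.text, self.marks = text, list(marks)

    def __add__(self, other):
        # Propagation: concatenation keeps every character's own mark.
        return MarkedStr(self.text + other.text, self.marks + other.marks)

    def __getitem__(self, span):
        # Propagation: a slice keeps the marks of the characters it copies.
        return MarkedStr(self.text[span], self.marks[span])

def trusted(text):
    """Positive tainting: developer-written query text is marked trusted."""
    return MarkedStr(text, [True] * len(text))

def untrusted(text):
    """Everything else (e.g. request parameters) carries no trust mark."""
    return MarkedStr(text, [False] * len(text))

# Simplified SQL lexer, an assumption made for this example.
TOKEN = re.compile(r"""(?P<string>'(?:[^']|'')*')    # quoted string literal
                     | (?P<number>\b\d+(?:\.\d+)?\b) # numeric literal
                     | (?P<comment>--.*)             # comment to end of line
                     | (?P<word>[A-Za-z_]\w*)        # keyword or identifier
                     | (?P<other>\S)                 # operator or stray quote""", re.X)

def is_safe(query):
    """Syntax-aware evaluation: non-literal tokens must be fully trusted."""
    for tok in TOKEN.finditer(query.text):
        if tok.lastgroup in ("string", "number"):
            continue          # literals are allowed to hold untrusted data
        if not all(query.marks[tok.start():tok.end()]):
            return False      # keyword, operator or comment came from input
    return True

def login_query(username, password):
    """Builds the sample query above; both parameters are untrusted input."""
    return (trusted("SELECT * FROM accountTable WHERE username = '")
            + untrusted(username) + trusted("' AND password = '")
            + untrusted(password) + trusted("'"))
```

With the sample input `ADMIN'--` the injected `--` becomes a comment token made of unmarked characters, so the query is blocked, while the same keywords typed inside a string literal pass.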
ADVANTAGES : Highly/fully automated
Faster and accurate
Minimal deployment requirements