Week 7 Lecture

Transféré par

Grantham University

0% ont trouvé ce document utile (0 vote)

2K vues2 pages

Week 7 Lecture

Copyright

Formats disponibles

PDF, TXT ou lisez en ligne sur Scribd

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Signaler ce document

Week 7 Lecture

Droits d'auteur :

Formats disponibles

Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd

Signaler comme contenu inapproprié

0% ont trouvé ce document utile (0 vote)

2K vues2 pages

Week 7 Lecture

Transféré par

Grantham University

Week 7 Lecture

Droits d'auteur :

Formats disponibles

Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd

Signaler comme contenu inapproprié

Passer à la page

Vous êtes sur la page 1sur 2

Rechercher à l'intérieur du document

Overview

NoSQLinjectionisacodeinsertiontechniqueusedtoattackdatadriven
applications,inwhichmaliciouscodeisinsertedtonormalSQLstatementtodump
contentsfromdatabase.
Thereisvulnerabilitywithsomewebapplicationswhichallowtheattackerto
submitSQLcommandstothedatabase.Mostoftenthisiscausedbydataentered
throughthewebapplicationwithoutvalidationorencodingresultinginacommand
orquery.Thesystemdoesnotdeterminetheintendedcommandsversusthe
attackersinjection.Thisallowstheattackertocreate,read,modifyordelete
sensitivedata.
Withthismethodcanallowanattackercouldtobypassauthentication,access,
modifyanddeletedatawithinadatabase.SQLinjectioncanbeusedtoexecute
commandsontheoperatingsysteminturnallowinganattackertoescalatetomore
damagingattacksinsideofanetworkthatsitsbehindafirewall.
OneformofSQLinjectionoccurswhenanattackerisabletousethesame
communicationchanneltobothlaunchtheattackandgatherresults.Thismethod
coulduseerrormessagesthrownbythedatabaseservertoobtaininformationabout
thestructureofthedatabase.Whileerrorsareveryusefulduringthedevelopment
phaseofawebapplication,theyshouldbedisabledonaproductiondatabaseor
loggedtoafilewithrestrictedaccessinstead.AnothertechniqueusestheUNION
SQLoperatortocombinetheresultsoftwoormoreSELECTstatementsintoa
singleresultwhichisthenreturnedaspartoftheHTTPresponse.

Anothertechniquedoesnotinvolvetransferringdatawiththewebapplication.The
attackerisabletoreconstructthedatabasestructurebysendingpayloads,observing
thewebapplicationsresponseandtheresultingbehaviorofthedatabaseserver.
OnemethodreliesonsendinganSQLquerytothedatabasewhichforcesthe
applicationtoreturnadifferentresultdependingonwhetherthequeryreturnsa
TRUEorFALSEresult.Dependingontheresult,thecontentwithintheHTTP
responsewillchange,orremainthesame.Thisisaslowermethodastheattacker
wouldneedtoenumerateadatabase,characterbycharacter.
Whenlookingatthetimebasedtechniquethedatabaseforcesthedatabasetowait
foraspecifiedamountoftime(inseconds)beforeresponding.Theresponsetime
willindicatetotheattackerwhethertheresultofthequeryisTRUEorFALSE.
Dependingontheresult,anHTTP
SQLinjectionattacksdonothavetoreturndatadirectlytotheusertobeuseful.
Theuseoftimingorotherperformanceindicatorsanderrormessagescanbeused
todeducethesuccessorresultsofanattack.
Preventionmethodsincludeusingpreparedstatementsinsteadofdynamicqueries
usingstringconcatenation,validatinginputandinputtypesandusingaleast
privilegeapproachforapplicationaccounts.

Vous aimerez peut-être aussi

AC340 Accounting Systems I
Document10 pages
AC340 Accounting Systems I
Grantham University
Pas encore d'évaluation
CS285 Syllabus
Document6 pages
CS285 Syllabus
Grantham University
Pas encore d'évaluation
Intermediate Accounting I: Required Text
Document9 pages
Intermediate Accounting I: Required Text
Grantham University
Pas encore d'évaluation
ACC210 Syllabus
Document10 pages
ACC210 Syllabus
Grantham University
0% (1)
GU299 Syllabus
Document10 pages
GU299 Syllabus
Grantham University
Pas encore d'évaluation
Lists: Web Development I - Page Content Elements
Document4 pages
Lists: Web Development I - Page Content Elements
Grantham University
Pas encore d'évaluation
IS301 W4 Lecture
Document6 pages
IS301 W4 Lecture
Grantham University
Pas encore d'évaluation
Part A: Introductions: W1: Introductions and Initial Status Report
Document3 pages
Part A: Introductions: W1: Introductions and Initial Status Report
Grantham University
Pas encore d'évaluation
LD550 Syllabus
Document11 pages
LD550 Syllabus
Grantham University
Pas encore d'évaluation
IS301 Discussion Preview
Document2 pages
IS301 Discussion Preview
Grantham University
Pas encore d'évaluation
Web Design I: Course Description
Document7 pages
Web Design I: Course Description
Grantham University
Pas encore d'évaluation
IS499 Final Project
Document6 pages
IS499 Final Project
Grantham University
Pas encore d'évaluation
Political Conflicts America: Cultures in Conflict Week 7 Case Study
Document2 pages
Political Conflicts America: Cultures in Conflict Week 7 Case Study
Grantham University
Pas encore d'évaluation
Political Conflicts Case Study A Look at The Political Polarity in The United States of America
Document2 pages
Political Conflicts Case Study A Look at The Political Polarity in The United States of America
Grantham University
Pas encore d'évaluation
Gender Conflicts Allow It A Look at The Israeli Experience
Document3 pages
Gender Conflicts Allow It A Look at The Israeli Experience
Grantham University
Pas encore d'évaluation
Computer Science Capstone Project: Course Description
Document7 pages
Computer Science Capstone Project: Course Description
Grantham University
Pas encore d'évaluation
Cultures in Conflict: Course Description
Document10 pages
Cultures in Conflict: Course Description
Grantham University
Pas encore d'évaluation
Benefit/Cost Analysis and Public Sector Projects
Document4 pages
Benefit/Cost Analysis and Public Sector Projects
Grantham University
Pas encore d'évaluation
Lesson Four Present Worth Analysis
Document5 pages
Lesson Four Present Worth Analysis
Grantham University
Pas encore d'évaluation
Chapter 8 Breakeven, Sensitivity, and Payback Analysis
Document5 pages
Chapter 8 Breakeven, Sensitivity, and Payback Analysis
Grantham University
Pas encore d'évaluation
EMT320 W3 Getting Started
Document3 pages
EMT320 W3 Getting Started
Grantham University
Pas encore d'évaluation
EMT320 W2 Getting Started
Document3 pages
EMT320 W2 Getting Started
Grantham University
Pas encore d'évaluation
EMT320 W8 Getting Started
Document1 page
EMT320 W8 Getting Started
Grantham University
Pas encore d'évaluation
Chapter 6 Rate of Return Analysis: ROR Calculation
Document5 pages
Chapter 6 Rate of Return Analysis: ROR Calculation
Grantham University
Pas encore d'évaluation
Lesson Five Annual Worth Analysis: Formulas
Document2 pages
Lesson Five Annual Worth Analysis: Formulas
Grantham University
Pas encore d'évaluation
Weekly Overview: Week 2: Week 2: How Time and Interest Affect Money
Document4 pages
Weekly Overview: Week 2: Week 2: How Time and Interest Affect Money
Grantham University
Pas encore d'évaluation
Weekly Overview: Week 4: Week 4: Present Worth Analysis
Document3 pages
Weekly Overview: Week 4: Week 4: Present Worth Analysis
Grantham University
Pas encore d'évaluation
ED250 Syllabus
Document6 pages
ED250 Syllabus
Grantham University
Pas encore d'évaluation
Weekly Overview: Week 7: Week 7: Cost Benefit Analysis and Public Sector Projects
Document3 pages
Weekly Overview: Week 7: Week 7: Cost Benefit Analysis and Public Sector Projects
Grantham University
Pas encore d'évaluation
Shoe Dog: A Memoir by the Creator of Nike
D'Everand
Shoe Dog: A Memoir by the Creator of Nike
Phil Knight
Évaluation : 4.5 sur 5 étoiles
4.5/5 (537)
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
D'Everand
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
Mark Manson
Évaluation : 4 sur 5 étoiles
4/5 (5794)
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
D'Everand
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
Margot Lee Shetterly
Évaluation : 4 sur 5 étoiles
4/5 (895)
The Yellow House: A Memoir (2019 National Book Award Winner)
D'Everand
The Yellow House: A Memoir (2019 National Book Award Winner)
Sarah M. Broom
Évaluation : 4 sur 5 étoiles
4/5 (98)
Grit: The Power of Passion and Perseverance
D'Everand
Grit: The Power of Passion and Perseverance
Angela Duckworth
Évaluation : 4 sur 5 étoiles
4/5 (588)
The Little Book of Hygge: Danish Secrets to Happy Living
D'Everand
The Little Book of Hygge: Danish Secrets to Happy Living
Meik Wiking
Évaluation : 3.5 sur 5 étoiles
3.5/5 (400)
The Emperor of All Maladies: A Biography of Cancer
D'Everand
The Emperor of All Maladies: A Biography of Cancer
Siddhartha Mukherjee
Évaluation : 4.5 sur 5 étoiles
4.5/5 (271)
Never Split the Difference: Negotiating As If Your Life Depended On It
D'Everand
Never Split the Difference: Negotiating As If Your Life Depended On It
Chris Voss
Évaluation : 4.5 sur 5 étoiles
4.5/5 (838)
The World Is Flat 3.0: A Brief History of the Twenty-first Century
D'Everand
The World Is Flat 3.0: A Brief History of the Twenty-first Century
Thomas L. Friedman
Évaluation : 3.5 sur 5 étoiles
3.5/5 (2259)
On Fire: The (Burning) Case for a Green New Deal
D'Everand
On Fire: The (Burning) Case for a Green New Deal
Naomi Klein
Évaluation : 4 sur 5 étoiles
4/5 (74)
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
D'Everand
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
Ashlee Vance
Évaluation : 4.5 sur 5 étoiles
4.5/5 (474)
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
D'Everand
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
Dave Eggers
Évaluation : 3.5 sur 5 étoiles
3.5/5 (231)
Team of Rivals: The Political Genius of Abraham Lincoln
D'Everand
Team of Rivals: The Political Genius of Abraham Lincoln
Doris Kearns Goodwin
Évaluation : 4.5 sur 5 étoiles
4.5/5 (234)
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
D'Everand
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
Gilbert King
Évaluation : 4.5 sur 5 étoiles
4.5/5 (266)
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
D'Everand
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
Ben Horowitz
Évaluation : 4.5 sur 5 étoiles
4.5/5 (345)
Yes Please
D'Everand
Yes Please
Amy Poehler
Évaluation : 4 sur 5 étoiles
4/5 (1891)
The Unwinding: An Inner History of the New America
D'Everand
The Unwinding: An Inner History of the New America
George Packer
Évaluation : 4 sur 5 étoiles
4/5 (45)
Rise of ISIS: A Threat We Can't Ignore
D'Everand
Rise of ISIS: A Threat We Can't Ignore
Jay Sekulow
Évaluation : 3.5 sur 5 étoiles
3.5/5 (137)
Principles: Life and Work
D'Everand
Principles: Life and Work
Ray Dalio
Évaluation : 4 sur 5 étoiles
4/5 (599)
Fear: Trump in the White House
D'Everand
Fear: Trump in the White House
Bob Woodward
Évaluation : 3.5 sur 5 étoiles
3.5/5 (738)
Angela's Ashes: A Memoir
D'Everand
Angela's Ashes: A Memoir
Frank McCourt
Évaluation : 4.5 sur 5 étoiles
4.5/5 (440)
Bad Feminist: Essays
D'Everand
Bad Feminist: Essays
Roxane Gay
Évaluation : 4 sur 5 étoiles
4/5 (1016)
Steve Jobs
D'Everand
Steve Jobs
Walter Isaacson
Évaluation : 4.5 sur 5 étoiles
4.5/5 (806)
The Glass Castle: A Memoir
D'Everand
The Glass Castle: A Memoir
Jeannette Walls
Évaluation : 4.5 sur 5 étoiles
4.5/5 (1713)
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
D'Everand
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
Brené Brown
Évaluation : 4 sur 5 étoiles
4/5 (1090)
John Adams
D'Everand
John Adams
David McCullough
Évaluation : 4.5 sur 5 étoiles
4.5/5 (2409)
The Outsider: A Novel
D'Everand
The Outsider: A Novel
Stephen King
Évaluation : 4 sur 5 étoiles
4/5 (1839)
The Light Between Oceans: A Novel
D'Everand
The Light Between Oceans: A Novel
M.L. Stedman
Évaluation : 4.5 sur 5 étoiles
4.5/5 (789)
Manhattan Beach: A Novel
D'Everand
Manhattan Beach: A Novel
Jennifer Egan
Évaluation : 3.5 sur 5 étoiles
3.5/5 (792)
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
D'Everand
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
Viet Thanh Nguyen
Évaluation : 4.5 sur 5 étoiles
4.5/5 (121)
The Woman in Cabin 10
D'Everand
The Woman in Cabin 10
Ruth Ware
Évaluation : 3.5 sur 5 étoiles
3.5/5 (2322)
Brooklyn: A Novel
D'Everand
Brooklyn: A Novel
Colm Tóibín
Évaluation : 3.5 sur 5 étoiles
3.5/5 (1937)
A Man Called Ove: A Novel
D'Everand
A Man Called Ove: A Novel
Fredrik Backman
Évaluation : 4.5 sur 5 étoiles
4.5/5 (4610)
The Perks of Being a Wallflower
D'Everand
The Perks of Being a Wallflower
Stephen Chbosky
Évaluation : 4.5 sur 5 étoiles
4.5/5 (2104)
Wolf Hall: A Novel
D'Everand
Wolf Hall: A Novel
Hilary Mantel
Évaluation : 4 sur 5 étoiles
4/5 (3811)
Little Women
D'Everand
Little Women
Louisa May Alcott
Évaluation : 4 sur 5 étoiles
4/5 (104)
Her Body and Other Parties: Stories
D'Everand
Her Body and Other Parties: Stories
Carmen Maria Machado
Évaluation : 4 sur 5 étoiles
4/5 (821)
The Art of Racing in the Rain: A Novel
D'Everand
The Art of Racing in the Rain: A Novel
Garth Stein
Évaluation : 4 sur 5 étoiles
4/5 (4200)
Sing, Unburied, Sing: A Novel
D'Everand
Sing, Unburied, Sing: A Novel
Jesmyn Ward
Évaluation : 4 sur 5 étoiles
4/5 (1103)
The Constant Gardener: A Novel
D'Everand
The Constant Gardener: A Novel
John le Carré
Évaluation : 3.5 sur 5 étoiles
3.5/5 (104)
A Tree Grows in Brooklyn
D'Everand
A Tree Grows in Brooklyn
Betty Smith
Évaluation : 4.5 sur 5 étoiles
4.5/5 (1929)