
SECURING WEB APPLICATIONS

Prepared by Fadi Sharif


WEB ATTACKS
• SQL Code Injection
• XSS: Cross Site Scripting
SQL CODE INJECTION
• So far most of the examples we used were hard-coded examples.
• Ex:
"insert into student values (45,'samer','IT',89)"
• These examples were simple and straightforward, but at the same time unrealistic.
• Real-world examples are not hard-coded, i.e. users specify the values for the SQL statements.
• Ex:
"insert into student values ('" . $name . "', '" . $major . "'," . $average . ");";
• This kind of coding opens the door to a very dangerous type of attack called SQL Code Injection.
SQL CODE INJECTION (CONT..)
• SQL injection is the process of passing SQL code into an application in a way that was not intended or anticipated by the application developer.
• This may be possible because of the poor design of the application, and it affects only applications that use SQL string-building techniques to create a command with user-supplied values.
• Consider the following SQL statement:
"Delete from students where id=" . $id . ";";
SQL CODE INJECTION (CONT..)
• Now, what happens if the user enters, instead of the id, the following: 1 or 1 = 1
• This causes the where condition of the SQL statement to be true for all rows.
• This way the application will delete all the records of the table student.
CONSIDER ANOTHER EXAMPLE
<?php
$username = $_POST['username'];
$password = $_POST['password'];

// Vulnerable: the user-supplied values are concatenated straight into the SQL string
$str_sql = "SELECT * from users WHERE " .
           "username='" . $username . "' AND " .
           "password='" . $password . "'";

// The mysql_* extension used here was removed in PHP 7.0; mysqli or PDO replace it
$result = mysql_query( $str_sql ) or die( mysql_error() );
?>
Now, what if the user enters the following for the username and password:
Username: user1
Password: Pass' or '1' = '1
• The SQL statement would look like:

SELECT * from users WHERE
username='admin' AND
password='pass' or '1'='1';

• Execution of this statement lets the user bypass the username and password check, because the condition '1'='1' is true for every record.
HOW TO DEFEND AGAINST ATTACKS
• Restrict the use of some special characters like ' and "
• Restrict the level of detail in the messages exposed to the user: remember to handle exceptions, and always show users customized, simple error messages
• Still, the best solution to prevent SQL Code Injection attacks is to validate the data entered by the user.
HOW TO DEFEND AGAINST ATTACKS (CONT..)
• If the user is to enter a numeric value, validate it using the function:
is_numeric($id);
• Also use the mysql function:
mysql_real_escape_string($data);
• This function escapes the special characters used to build the SQL statement.
• For example: " ' \n \t \
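The following is an added example, not code from the deck: it places the deck's two concatenated queries (the login check from slide 6 and the DELETE from slide 4) next to hardened versions that use prepared statements, and feeds them the two inputs the slides discuss. It assumes PHP with the pdo_sqlite extension so that it runs offline against an in-memory SQLite database; the same prepare/execute calls work unchanged against MySQL with a mysql: DSN. The table contents, user names and passwords are constructed for the demonstration.

```php
<?php
// Added example (not from the original deck). Uses PDO + in-memory SQLite
// (assumption: pdo_sqlite is available) so it runs without a MySQL server.

function makeDatabase(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data. Plaintext passwords only to mirror the deck's
    // schema; real applications store password_hash() output and check it
    // with password_verify().
    $db->exec("CREATE TABLE users (username TEXT, password TEXT)");
    $db->exec("INSERT INTO users VALUES ('admin', 'secret')");
    $db->exec("CREATE TABLE students (id INTEGER, name TEXT)");
    $db->exec("INSERT INTO students VALUES (1, 'samer')");
    $db->exec("INSERT INTO students VALUES (2, 'lina')");
    return $db;
}

// VULNERABLE: the deck's login query, built by string concatenation.
// A quote inside the input terminates the string literal early.
function loginUnsafe(PDO $db, string $username, string $password): array
{
    $sql = "SELECT * FROM users WHERE username='" . $username .
           "' AND password='" . $password . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the same query as a prepared statement. The values are sent
// as data bound to the placeholders, never parsed as SQL.
function loginSafe(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
    $stmt->execute([$username, $password]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// VULNERABLE: the deck's DELETE statement with the id concatenated in.
function deleteStudentUnsafe(PDO $db, string $id): int
{
    return $db->exec("DELETE FROM students WHERE id=" . $id);
}

// HARDENED: validate that the id is numeric (the deck's is_numeric advice)
// and still bind it as an integer parameter instead of concatenating it.
// filter_var($id, FILTER_VALIDATE_INT) is stricter if only integers are valid.
function deleteStudentSafe(PDO $db, string $id): int
{
    if (!is_numeric($id)) {
        throw new InvalidArgumentException('student id must be numeric');
    }
    $stmt = $db->prepare("DELETE FROM students WHERE id = ?");
    $stmt->bindValue(1, (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Demonstration with the two inputs from the slides.
$db = makeDatabase();

$passwordInput = "pass' or '1'='1";
echo count(loginUnsafe($db, 'user1', $passwordInput)), " row(s) from the concatenated login query\n";
echo count(loginSafe($db, 'user1', $passwordInput)), " row(s) from the prepared login query\n";

$idInput = '1 or 1 = 1';
echo deleteStudentUnsafe($db, $idInput), " row(s) removed by the concatenated DELETE\n";
try {
    deleteStudentSafe($db, $idInput);
} catch (InvalidArgumentException $e) {
    echo "prepared DELETE rejected the input: ", $e->getMessage(), "\n";
}
```

Running it with the PHP CLI shows the difference the slides describe: the concatenated login query returns the admin row even though neither the username nor the password matched, while the prepared statement returns no rows; the concatenated DELETE removes both students, while the hardened version refuses the non-numeric id before any SQL is sent. Escaping with mysql_real_escape_string (today mysqli_real_escape_string) only helps for values that end up inside quotes; the numeric id in the DELETE is unquoted, which is why validation and binding are needed rather than escaping alone.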
XSS: CROSS SITE SCRIPTING
• Most Web sites today add dynamic content to a Web page, making the experience for the user more enjoyable.
• Dynamic content is content generated by some server process, which when delivered can behave and display differently to the user depending upon their settings and needs.
• Dynamic Web sites have a threat that static Web sites don't, called "cross-site scripting," also known as "XSS."
• Cross Site Scripting is the attacker passing code to the client, to be executed on the client's machine.
• The attacker uses HTML forms in the web application to pass code (HTML and JavaScript) to the server.
• The server receives the sent data (code) and saves it.
• The server then regenerates the code and sends it back to other users.
• Other users' browsers execute the code, and as a result it may steal their information.
XSS: TYPICAL EXAMPLE
• Your website has a form to submit comments.
• The attacker takes advantage of the comment form and writes in the comment box some JavaScript code to steal the users' information.
• The attacker submits the form; the data from the form is sent back to the server and saved in the database.
• Now, you and other users request the page which contains the users' comments, including the attacker's malicious comment.
• Your browser receives the data from the server and interprets the code in the attacker's comment.
• The result: your sensitive information, like session ID, cookie and username/password, is stolen and sent back to the attacker.
HOW TO DEFEND AGAINST XSS ATTACKS?
• Validate the user input.
• Use the htmlspecialchars($string) function
• This function translates HTML special characters into their equivalent HTML entities
• The translations performed are:
  • '&' (ampersand) becomes '&amp;'
  • '"' (double quote) becomes '&quot;'
  • "'" (single quote) becomes '&#039;' (or &apos;)
  • '<' (less than) becomes '&lt;'
  • '>' (greater than) becomes '&gt;'
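The following is an added example, not code from the deck: it renders stored comments of the kind described on the "typical example" slide through htmlspecialchars() at output time. One caveat a practitioner should know: the single-quote translation listed above only happens when the ENT_QUOTES flag is passed (on PHP 8.1 and later it is part of the default flags; on older versions the default leaves ' untouched), so the example passes the flags explicitly. The comment texts, author names and the hardenSessionCookie() helper are constructed for this example.

```php
<?php
// Added example (not from the original deck). Shows output-time escaping of
// stored comments plus an HttpOnly session cookie as defence in depth.

// Escape a value for insertion into HTML text or a double-quoted attribute.
// ENT_QUOTES: also escape ' (needed on PHP < 8.1, where the default flags
// leave it alone). ENT_SUBSTITUTE: replace invalid UTF-8 instead of
// returning an empty string, so a malformed comment cannot blank the page.
function escapeHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one stored comment. Escaping happens here, at output, in the HTML
// context where each value lands; the database keeps the raw text, so the
// same record can later be emitted as JSON or plain text without
// double-escaping.
function renderComment(string $author, string $body): string
{
    return '<article class="comment" data-author="' . escapeHtml($author) . '">'
         . '<strong>' . escapeHtml($author) . '</strong>'
         . '<p>' . escapeHtml($body) . '</p>'
         . '</article>';
}

// Defence in depth for the "session ID stolen" outcome on the slides: an
// HttpOnly cookie is not readable from JavaScript even if an escaping
// mistake slips through somewhere. Must be called before session_start().
// (Array form of session_set_cookie_params requires PHP 7.3 or later.)
function hardenSessionCookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // only sent over HTTPS
        'samesite' => 'Lax',
    ]);
}

// Constructed comments: the second one carries script in the body and an
// attribute-breakout attempt in the author name, as on the slides.
$storedComments = [
    ['author' => 'alice', 'body' => 'Nice post!'],
    ['author' => "bob\" onmouseover=\"alert(1)",
     'body'   => "<script>alert('xss')</script>"],
];

foreach ($storedComments as $comment) {
    echo renderComment($comment['author'], $comment['body']), "\n";
}
```

Running it prints the second comment as inert text: the angle brackets become &lt; and &gt;, the single quotes inside the script become &#039;, and the double quote in the author name becomes &quot; so it cannot close the data-author attribute. Note that htmlspecialchars() is the right tool for HTML text and quoted attribute values only; a value placed inside a <script> block, a URL or a CSS rule needs escaping for that context instead.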
JUST REMEMBER
Basically, to be safe, at the least remember the following rules:

• Never trust the user!
• Validate your data!
• Always escape your characters!
• Never trust the user!
REFERENCES
• W3schools.com
• Php.net