Analysis of SQL injection prevention using a proxy server


Analysis of SQL injection prevention using a proxy server
By: David Rowe
Supervisor: Barry Irwin
Presentation Outline
• What SQL injection is
• Example
• Project Objectives
• Design and Implementation
• Expected Results
• Current Status
• Possible Extensions
• Questions
SQL injection
• SQL injection is an attack in which the parameters of a Web-based application are modified in order to change the SQL statements that are passed to the database.
• An attacker is able to insert additional SQL statements into a query by manipulating the data input, because that input is placed into the query text without being separated from the SQL itself.
SQL injection example: vulnerable web page
Example
• In ASP, a critical vulnerability is the way in which the query string is built: the user-supplied username and password are concatenated straight into the SQL text.
• example (JScript ASP):

    var SQL = "select * from users where username = '" + username + "' and password = '" + password + "'";
Example
• Username: ';drop table users--
• The 'users' table will be deleted, denying access to the application for all users.
Example
Query executed:

    select * from users where username = '';drop table users--' and password = '...'

The first quote closes the (now empty) username literal, the semicolon starts a second statement in the same batch, and -- turns the rest of the original query, including the password check, into a comment.
Project Goals
• Analyse the structure of SQL query commands
• Build a parser that will check allowable patterns of SQL statements
• Create a proxy server that will filter SQL commands
• Prevent a SQL injection attack on a database using this proxy server
• Show that SQL injection can be prevented using the filter developed for the proxy server
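As an added illustration of the "allowable patterns" idea (this is example code written for this page, not the parser from the project; the tokenizer, the pattern format and the sample allow-list are assumptions, and the allow-list entry is constructed from the login query shown earlier), the following Python reduces each statement to a structural pattern and accepts only patterns the application is known to send. A keyword deny-list is included beside it to show what that weaker approach misses:

```python
import re

# Constructed allow-list: the structural shapes of statements the application
# legitimately sends (assumption: in practice these would be collected from the
# application's source or from a training run of the proxy).
ALLOWED_PATTERNS = {
    "SELECT * FROM USERS WHERE USERNAME = ? AND PASSWORD = ?",
}

# Keyword deny-list, shown only for contrast with the allow-list.
DENYLIST = {"drop", "delete", "insert", "update", "exec", "xp_cmdshell", ";"}

# Minimal T-SQL tokenizer (an assumption; not the project's own parser).
TOKEN_RE = re.compile(r"""
      (?P<ws>\s+)
    | (?P<comment>--[^\n]*|/\*.*?\*/)
    | (?P<string>'(?:[^']|'')*')
    | (?P<number>\d+(?:\.\d+)?)
    | (?P<ident>[A-Za-z_][A-Za-z0-9_]*)
    | (?P<punct>[^\sA-Za-z0-9_'])
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    """Split SQL text into (kind, text) tokens. Whitespace is dropped; an
    unterminated string literal (a lone quote) raises ValueError."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:
            raise ValueError("unterminated string literal at offset %d" % pos)
        if m.lastgroup != "ws":
            tokens.append((m.lastgroup, m.group()))
        pos = m.end()
    return tokens


def pattern_of(sql):
    """Reduce a statement to its structural pattern: literals become '?',
    comments are dropped and keywords/identifiers are upper-cased, so
    'SeLeCt' and 'select' (a common deny-list bypass) give the same shape."""
    parts = []
    for kind, text in tokenize(sql):
        if kind in ("string", "number"):
            parts.append("?")
        elif kind == "comment":
            continue
        else:
            parts.append(text.upper())
    return " ".join(parts)


def allowlist_ok(sql):
    """Allow-list decision: only a known statement shape passes."""
    try:
        return pattern_of(sql) in ALLOWED_PATTERNS
    except ValueError:
        return False  # malformed SQL never matches a known shape


def denylist_ok(sql):
    """Deny-list decision: passes unless a listed keyword or a comment appears."""
    try:
        tokens = tokenize(sql)
    except ValueError:
        return False
    return not any(kind == "comment" or text.lower() in DENYLIST
                   for kind, text in tokens)


def build_login_query(username, password):
    """The vulnerable concatenation from the ASP example, reproduced in Python."""
    return ("select * from users where username = '" + username
            + "' and password = '" + password + "'")


if __name__ == "__main__":
    for user in ("alice", "';drop table users--", "' or '1'='1"):
        q = build_login_query(user, "s3cret")
        print("%-25r allow-list=%-5s deny-list=%-5s pattern=%s"
              % (user, allowlist_ok(q), denylist_ok(q), pattern_of(q)))
```

The tautology input ' or '1'='1 contains no listed keyword and no comment, so the deny-list lets it through, while the allow-list rejects it because the resulting shape (an extra OR ? = ? clause) is not one the application ever sends.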
Development Environment
• Microsoft Windows XP
• Microsoft Visual Studio .NET - C Sharp
• Microsoft Visual SourceSafe
• Microsoft SQL Server 2000
Implementation Step
Expected Results
• Prevention of a SQL injection attack by filtering the queries using the proxy server
• List of best practices for
  – Web design
  – Database administration
Current Status
• Working proxy server
  – Extracts the SQL text from a TDS packet (Tabular Data Stream, the SQL Server wire protocol between the client and the database)
  – Logs that SQL query to a separate log file
• Work in progress:
  – Log to the database
  – Prevent a SQL injection attack
    • White listing
    • Black listing
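To make the "extracts the SQL from a TDS packet" step concrete, here is an added Python example (written for this page; it is not the project's C# proxy, and the packet builder only constructs test input standing in for what a client would send). It assumes the pre-7.2 TDS layout used by SQL Server 2000, in which a SQL Batch packet (type 0x01) carries an 8-byte header followed by the batch text as bare UTF-16LE. It also handles the case a filter must not overlook: a batch spread over several packets, where only the last one carries the end-of-message status bit, so the SQL is reassembled before it is logged or inspected:

```python
import struct

TDS_SQL_BATCH = 0x01     # packet type: SQL batch (client -> server)
TDS_STATUS_EOM = 0x01    # status bit: end of message (last packet of the batch)
TDS_HEADER_LEN = 8       # type, status, length(BE16), spid(BE16), packet id, window


def build_tds_batch(sql, spid=0, max_payload=4088):
    """Encode SQL text as one or more SQL Batch packets (constructed test input).
    Assumes the SQL Server 2000 era layout: payload is bare UTF-16LE text with no
    ALL_HEADERS prefix.  Every packet but the last carries status 0x00; the last
    carries EOM.  max_payload is kept even so no UTF-16 code unit is split."""
    data = sql.encode("utf-16-le")
    chunks = [data[i:i + max_payload] for i in range(0, len(data), max_payload)] or [b""]
    packets = []
    for n, chunk in enumerate(chunks):
        status = TDS_STATUS_EOM if n == len(chunks) - 1 else 0x00
        header = struct.pack(">BBHHBB", TDS_SQL_BATCH, status,
                             TDS_HEADER_LEN + len(chunk), spid, (n + 1) & 0xFF, 0)
        packets.append(header + chunk)
    return packets


def parse_tds_header(packet):
    """Return the header fields and payload of one TDS packet, rejecting a
    packet whose length field disagrees with the bytes actually received."""
    if len(packet) < TDS_HEADER_LEN:
        raise ValueError("truncated TDS header")
    ptype, status, length, spid, pkt_id, _window = struct.unpack(
        ">BBHHBB", packet[:TDS_HEADER_LEN])
    if length != len(packet):
        raise ValueError("TDS length %d does not match %d bytes" % (length, len(packet)))
    return {"type": ptype, "status": status, "spid": spid,
            "packet_id": pkt_id, "payload": packet[TDS_HEADER_LEN:]}


class BatchReassembler:
    """Collects SQL Batch payloads until the EOM packet and only then decodes,
    so a batch longer than one packet, or one a client deliberately splits, is
    still inspected as a single statement.  Non-batch packets (pre-login, login,
    RPC, attention) return None and would be passed through untouched."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, packet):
        hdr = parse_tds_header(packet)
        if hdr["type"] != TDS_SQL_BATCH:
            return None
        self._buf += hdr["payload"]
        if hdr["status"] & TDS_STATUS_EOM:
            sql = bytes(self._buf).decode("utf-16-le")
            self._buf = bytearray()
            return sql
        return None


def log_line(spid, sql):
    """One record per completed batch; newlines inside the SQL are escaped so
    the log file stays one-record-per-line for later searching."""
    return "spid=%d sql=%s" % (spid, sql.replace("\n", "\\n"))


def extract_queries(packets):
    """Run a sequence of client packets through the reassembler and return the
    log lines the proxy would write, in order."""
    reassembler = BatchReassembler()
    lines = []
    for packet in packets:
        sql = reassembler.feed(packet)
        if sql is not None:
            lines.append(log_line(parse_tds_header(packet)["spid"], sql))
    return lines


if __name__ == "__main__":
    query = "select * from users where username = '';drop table users--' and password = 'x'"
    # Split the batch into tiny packets to show that the SQL is still recovered whole.
    for line in extract_queries(build_tds_batch(query, spid=53, max_payload=20)):
        print(line)
```

In the proxy, extract_queries is where the allow-list or deny-list check would sit, operating on the reassembled text; checking each packet's payload on its own would let an attacker place the quote in one packet and the injected statement in the next.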
Possible Extensions
• Handle other databases (examples: Oracle, MySQL and Postgres); each uses its own wire protocol in place of TDS, so the packet-parsing layer would be rewritten while the SQL filter itself stays the same
• Other operating systems (example: Linux)
Questions