Posted by Brett Hardin on 21st October 2009
Posted by Brett Hardin on 7th July 2009
Reading time: 1 – 2 minutes

Photo: XKCD
SQL Injection is an injection flaw where a web application lets user-supplied input become part of a SQL query without sanitising or escaping it, so the input can change the structure of the query rather than just the value being searched for.
The textbook example is that a web application has a username field that inserts the user’s input into the following SQL query:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
The user then types a' or '1'='1 into the username field. This creates the following SQL statement:
SELECT * FROM users WHERE name = 'a' or '1'='1'
The WHERE clause is now always true, so the query returns every row in the users table. If this statement is what the application uses to authenticate (for example, "log the user in if any row comes back"), the attacker is logged in without knowing a valid username or password.
An attacker can also cause damage by appending something like '; DROP TABLE users;--
This would produce the following SQL statement:
SELECT * FROM users WHERE name = ''; DROP TABLE users;--'
The first quote closes the name string, the semicolon ends the SELECT, DROP TABLE runs as a second statement, and the trailing -- comments out the leftover quote from the original query. This deletes the users table from the database, provided the database interface executes stacked statements (several statements in one call). Many drivers only run the first statement, which blocks this particular payload but does nothing against the authentication bypass above.
Posted by Brett Hardin on 6th July 2009
Reading time: 2 – 2 minutes

When developing a security strategy for web applications, many companies have no idea where to begin. The Open Web Application Security Project (OWASP) understood this problem and developed the OWASP Top 10.
The OWASP Top 10 is a list of the ten most critical security risks found in web applications; the list below is the 2007 edition, current when this was written. If you have an hour, or don't want to read all of these posts, you can simply watch a video.
If you are a developer, you should understand these vulnerabilities. Understanding them is critical to introducing fewer vulnerabilities into your code.
The OWASP Top 10:
A1 – Cross Site Scripting (XSS)
A2 – Injection Flaws
A3 – Malicious File Execution
A4 – Insecure Direct Object Reference
A5 – Cross Site Request Forgery (CSRF)
A6 – Information Leakage and Improper Error Handling
A7 – Broken Authentication and Session Management
A8 – Insecure Cryptographic Storage
A9 – Insecure Communications
A10 – Failure to Restrict URL Access