Testing the security of web applications is important, and there are several ways to do it. One is to use penetration testing tools. These tools probe the application by launching attacks without a destructive payload (they will not delete parts of the web application or of the database it uses) against the application under test, and monitor the results to see which attacks succeed.
This dissertation proposes principled techniques to address input validation errors in web applications. Many analysis techniques have been applied to programs that run on a single machine, for example to find memory errors or to verify structural properties of heap data structures. In contrast to traditional applications, web applications are distributed and dynamic, and they have appeared relatively recently; hence they present a new domain with additional challenges for analysis techniques. This chapter introduces the significance of web applications and their major classes of errors, and presents the structure of the rest of this dissertation.
Web Applications
Web applications enable much of today’s online business, including banking, shopping, university admissions, email, social networking, and various governmental activities. They have become ubiquitous because users need only a web browser and an Internet connection to obtain a system-independent interface to dynamically generated content. The data that web applications handle, such as credit card numbers and product inventory data, typically has significant value both to the users and to the service providers. Additionally, users care that web pages behave as trusted servers intend because web browsers run on.
SQL INJECTION ATTACKS
"An attack technique used to exploit web sites by altering backend SQL statements through manipulating application input." SQL injection happens when a developer places user input directly into a SQL statement without properly filtering out dangerous characters. This can allow an attacker not only to steal data from the database, but also to modify and delete it. Some database servers, such as Microsoft SQL Server, provide stored and extended procedures (database server functions); if an attacker can reach these procedures, it may be possible to compromise the entire machine. SQL injection is thus an attack in which malicious code is inserted into strings that are later passed to the database server for parsing and execution. Two basic forms exist: injection into a string parameter, where the input sits inside a quoted literal and the attacker needs a quote character to break out of it, and injection into a numeric parameter, where the input is unquoted and no quote character is needed. The impact of SQL injection attacks ranges from gathering sensitive data to manipulating database information, and from executing system-level commands to denial of service against the application. The impact also depends on the database on the target machine and on the roles and privileges with which the SQL statement runs.
Types of SQL Injection
There are different SQL injection methods, such as UNION-based, string-based, error-based, double-query, blind, and MsSQL-specific injection; all of them can be used to extract database information. In this chapter we will work through each method with practical examples.
Simple SQL Injection Attack
The easiest SQL injection to perform is called "Authorization Bypass": the simplest form of it is bypassing a logon form. Consider the following web application code (VBScript-style, as on the original page):
' strUsername and strPassword come straight from the submitted form;
' they are concatenated into the query without escaping or parameterisation.
SQLQuery = "SELECT Username FROM Users WHERE Username = '" & strUsername & "' AND Password = '" & strPassword & "'"
strAuthCheck = GetQueryResult(SQLQuery)
If strAuthCheck = "" Then
    boolAuthenticated = False
Else
    boolAuthenticated = True
End If
Here’s what happens when a user submits a username and password. The query will go through the Users table to see if there is a
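The following is an added, runnable example (not code from the original page) that reproduces the logon snippet above in Python against an in-memory SQLite database and shows the authorization bypass in action, alongside the parameterised query that stops it. It also covers the numeric-parameter case mentioned earlier in the chapter, where no quote character is needed. The Users and Products tables, their rows, and the plaintext passwords are constructed here purely to mirror the page's snippet; a real application must store password hashes.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (assumption, not from the page).

    Plaintext passwords are kept only to mirror the page's vulnerable snippet.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    conn.execute("CREATE TABLE Products (Id INTEGER, Name TEXT)")
    conn.executemany("INSERT INTO Products VALUES (?, ?)",
                     [(1, "Keyboard"), (2, "Mouse"), (3, "Monitor")])
    conn.commit()
    return conn


# --- String parameter: the authorization-bypass case -----------------------

def build_vulnerable_login_query(username, password):
    """Same string concatenation as the page's snippet: attacker input lands
    inside the quoted literals unescaped."""
    return ("SELECT Username FROM Users WHERE Username = '" + username
            + "' AND Password = '" + password + "'")


def vulnerable_login(conn, username, password):
    """Returns the matched username, or None (the page's boolAuthenticated)."""
    row = conn.execute(build_vulnerable_login_query(username, password)).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Parameterised query: the driver passes values separately from the SQL
    text, so quotes and comment markers in the input are just data."""
    row = conn.execute(
        "SELECT Username FROM Users WHERE Username = ? AND Password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# --- Numeric parameter: no quote character needed --------------------------

def vulnerable_lookup(conn, product_id):
    """Concatenates an unquoted numeric value; '2 OR 1=1' rewrites the WHERE."""
    rows = conn.execute(
        "SELECT Name FROM Products WHERE Id = " + product_id).fetchall()
    return [r[0] for r in rows]


def safe_lookup(conn, product_id):
    """Validates the type first (anything that is not an integer is rejected),
    then binds the value as a parameter."""
    try:
        id_value = int(product_id)
    except ValueError:
        return []
    rows = conn.execute(
        "SELECT Name FROM Products WHERE Id = ?", (id_value,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    # Legitimate use of the vulnerable code
    print(vulnerable_login(db, "admin", "s3cret"))      # admin
    # Authorization bypass: the quote closes the literal and "--" comments
    # out the password check, so the password is never compared.
    print(build_vulnerable_login_query("admin'--", "x"))
    print(vulnerable_login(db, "admin'--", "x"))         # admin
    print(vulnerable_login(db, "' OR 1=1 --", "x"))      # admin (first row)
    print(safe_login(db, "admin'--", "x"))               # None
    # Numeric injection: no quote needed to alter the query
    print(vulnerable_lookup(db, "2 OR 1=1"))             # ['Keyboard', 'Mouse', 'Monitor']
    print(safe_lookup(db, "2 OR 1=1"))                   # []
```

Note that the comment marker `--` is what makes `admin'--` work: everything after it, including the `AND Password = '...'` clause, is ignored by the parser. The safe versions do not rely on filtering characters out of the input; they keep data and SQL text separate, which is why they hold up against payloads the filter author never thought of.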