SQL Injection Vulnerabilities - Research Paper Example

SQL Injection Vulnerabilities INTRODUCTION SQL injection is a of vulnerability that poses extremely high risks in the presentthreat landscape. The MITRE Common Weakness Enumeration (CWE) ranked SQL injection as first in the list of top 25 most dangerous software errors. Many high profile intrusions have demonstrated the exploitation of these vulnerabilities. Abundance of information exist on the prevention of SQL injection vulnerabilities; however, much of such information is always technically designed for the web application developers and not the general user community. This forms the basis of the article: to provide comprehensive guidance on the use of the open source techniques and tools for independent identification of common SQL injection vulnerabilities simulating the attacker’s approaches. EXPLANATION OF PAPER The causes of the SQL injection vulnerabilities can basically be attributed to the acceptance of data from un-trusted sources by the software applications, lack of proper sanitization and validation of the data, and the consequent use of the data in the dynamic construction of an SQL query. The SQL injection is most common in the web based applications even though other applications that integrate SQL are also exposed to such threats. The persistence of this threat can be linked to the existence of the underlying causes in almost all web applications in spite of the implemented technology, programming language, web framework or even popularity. Many of the high profile intrusions that implicate SQL injection often attract lots of attention, which can be associated with the quite inherent breach of confidentiality in the stored data in the compromised databases. The loss of confidentiality and the resultant financial costs and downtime involved in the recovery efforts, negative publicity, and regulatory penalties are some of the initial impacts of a successful compromise. The integrity of the database can also be compromised in other sites that do not involve, hold or use sensitive customer or financial information. Exploiting SQL injection vulnerabilities enables an attacker to persistently foist dynamic and storage page content generation that would include malicious code in the attacked site. The visitors to the site may thus be redirected to malicious sites or tricked to install malicious codes. The SQL injection attack vectors are represented by data passed to the vulnerable web application from the user and which is processed by supporting database. Practically, the most common SQL injection attack vectors arise from the data transmitted through HTTP POST and HTTP GET. Other attack vectors are HTTP User-Agent, HTTP cookie data, and Referer header values. The exploitation of some SQL injection vulnerabilities can be effected through the authentication of unprivileged user accounts, all of which depends on where the application fails in the sanitization of the input. This means that the sites that readily and easily allow the users to create new accounts hold additional risks. The automatic detection of the vulnerabilities of the SQL injections depends on the heuristics of the behavior of the target application in responding to the specially crafted queries. The techniques involved in the detection heuristics are classified into three categories. The Boolean-based blind SQL injection which includes the supply of multiple valid statements that bears evaluation to true or false in the affected area at the request of HTTP. Through the comparison of the response page between both situations, the success of the injection can be inferred by the tool. The Time-based blind SQL injection entails the supply of valid SQL statements in the affected area in the request of HTTP that made the database stop for a particular time period. Through the comparison of the times of response between the variously timed injected requests and the normal requests, the tool can establish whether or not the implementation of the SQL statement was successful. The Error based SQL injection entails the supply of invalid SQL statements to the affected areas within the request of HTTP. Monitoring of the HTTP responses is then effected by the tool for the known error messages that have come from the database server. There are two tools that are commonly used in the testing SQL injection; they include the OWASP ZAP and sqlmap. OWASP ZAP is an analysis tool for the applications that communicate via the HTTPS and HTTP. It functions as an intercepting proxy, which allows for the review and modification of requests and responses by the user before their sending between the browser and server. The tool also monitors the interaction the web application and the user’s browser. The features that is inclusive in the tool capacity to effectively investigate a web server for any links that can be hidden or obscured in the process of the normal interactions. The sqlmap is an open source penetration and python-based testing tool that mechanizes the process of SQL injection flaws detection. It also includes features that enable vulnerable systems exploitation such as database fingerprinting, data collection from compromised databases, server’s underlying file system access, and execution of commands on the operating system through the out-of-bands connections. A command line user interface is employed by the sqlmap. MY OPINION I agree with the article’s advancement that the information regarding the SQL injection has been highly technicalized to suit only the professional web developers and not to suit the common users such as the administrators. There is need for the information to be simplified in a manner that would enable the everyday consumers of information technology to be aware of the SQL injection vulnerabilities, causes, impacts and the available techniques and tools for avoiding, preventing or managing any compromise to the database system. The acceptance of data from un-trusted sources usually expose the users to the SQL inject vulnerability as they are more likely to improperly sanitize and validate data, or to completely fail to do so at all. The attacks resulting from the SQL injections quite often become headlines across the world because of their detrimental impacts on the confidentiality of data available in the databases. The breach of confidentiality of the consumer or financial information is always very likely. This is another reason why I agree with the fact advanced by the article concerning SQL injection being one of the most, if not the most, dangerous software errors. SUMMARY SQL injection is a class of vulnerability that poses extremely high risks in the present threat landscape. The causes of the SQL injection vulnerabilities can basically be attributed to the acceptance of data from un-trusted sources by the software applications, lack of proper sanitization and validation of the data, and the consequent use of the data in the dynamic construction of an SQL query. The SQL injection is most common in the web based applications even though other applications that integrate SQL are also exposed to such threats. The SQL injection attack vectors are represented by data passed to the vulnerable web application from the user and which is processed by supporting database. Practically, the most common SQL injection attack vectors arise from the data transmitted through HTTP POST and HTTP GET. Other attack vectors are HTTP User-Agent, HTTP cookie data, and Referer header values. The sites that readily and easily allow the users to create new accounts hold additional risks. The automatic detection of the vulnerabilities of the SQL injections depends on the heuristics of the behavior of the target application in responding to the specially crafted queries. The techniques involved in the detection heuristics are classified into three categories: The Boolean-based blind SQL injection, the Time-based blind SQL injection and the Error based SQL injection. OWASP ZAP and sqlmap are two tools that are commonly used in the in the testing SQL injection. OWASP ZAP is an analysis tool for the applications that communicate via the HTTPS and HTTP. It functions as an intercepting proxy, which allows for the review and modification of requests and responses by the user before their sending between the browser and server. Sqlmap is an open source penetration and python-based testing tool that mechanizes the process of SQL injection flaws detection. It also includes features that enable vulnerable systems exploitation such as database fingerprinting, data collection from compromised databases, server’s underlying file system access, and execution of commands on the operating system through the out-of-bands connections. BIBLIOGRAPHY Dougherty, C. (2013). Practical identification of SQL injection vulnerabilities. Retrieved from https://www.us-cert.gov/sites/default/files/publications/Practical-SQLi-Identification.pdf Read More