Injection Vulnerabilities

00:00

Hello. My name's I happily Welcome to the overview off Secure Code in.

00:05

Who asked this? Open Web applications security projects is actually a reputable project for Web application vulnerabilities. So I want to take it. You got it stopped in on Archer verts, then? I mean, I openly Alani injection. There are different types of injection. We could have escalated injection,

00:23

held up injection on us. Injection my menu outside.

00:26

So both for Bacchus. Ah nde develop us. SQL injection is actually common, so we're going to be picking Erica SQL injection The intro The causes scenario Impact prevention solution on someone's question now in SQL injection on trusted it ties actually sent to the back end quote

00:46

usually from the U Zion toughies.

00:48

These aren't offices. The front end which the user in court interrupt streets. Now, in this case, the user is actually meant to enter some impudence for the user name and password, but the kind this case doesn't use on him. He doesn't have a passport.

01:03

Yeah, probably tested the application, which is standing so to realize that it is actually vulnerable too.

01:08

SQL injection. So it is going to craft some white tent some impurities in sweets because he knows the interpreter. Eyes gullible. The capital does not divided. So validating what the guy enters it just simply con consummate. These are entrusted money shows. Data

01:23

with the query are simply as acute. See, now look at it. Type of I 10. The type of impurity has actually crafted.

01:30

So

01:32

hey, you have 123 apostrophe or wanted boss one Now the ones who three year is as them to be. These aren't even though he doesn't even know if there's anybody who has a username wants a tree. So that would definitely feel boy here where you have one in close one Wallace before want which is true now here we are. The ash

01:51

ash is a comment stout in SQL

01:53

So what they've up comes beyond the ash will not be interpreted by the interpreter. So in this case, the capitalists noticed about it without subject. If user name is 123 or one, it was on The ACA is not actually sure this 123 by social off one, Of course one. So in this case,

02:12

everything in the database will be returned. If one equals one

02:15

now except if there's no R avenue for everything in the database to be displayed on the screen, it doesn't have any for everything to be displayed on the screen. I want itwas on. Everything will be displayed else. If there's only on a venue for one room or they thought to be displayed is just one.

02:32

They will be displayed in Mackey's. Now it could be one. It wants one. It could be three watts. True. So this is a very crafty impute. We're going to take a look at out is actually performed

02:43

real life on a backboard on Zampa will show, you know. So here

02:49

I'm on a professional called We club so you can sign up if your first time I bob and I come back, I use Yes, I have it.

02:57

They want to agree. So what's on signing? This is the part where you can actually perform the McCain miracles. So you gotta see this. Our top 10. So we actually have where, Then start with SQL injection. So where then start with unauthorized Logan. So I'm going to craft the same kind of thing I can do. Mimi,

03:15

then acquitted. Then I'll see all

03:19

two walls to actually don't know if there's a username called me, but I know two warders because it through anywhere in the world that are going to put on ash here to, um,

03:30

so neutralized everyone. I had them in the query that says they so once I stopped me. Actually, if your child gets up these, you find out that there's no user name called me. So let's take a look at it. It's obvious

03:40

this is the user design user names you can see we are. He wants 34 We don't have any of them. That is maybe, but it was to be able to lock it in because I'm going to the city. Our interpreter with this two equals two. So let's submits.

03:54

Once we submitted, Cassie has opened up the wallet. Be the weapon is actually a sensitive big way or your wallets. Credit details Our farm like agency. Yeah, is your personal well that beat you can access the next time to see or well educated? Wow. So that's simply to tell you that

04:12

it is a very sensitive is our national Sony's logo.

04:15

What's right? Don't show you one adjectives on exposed but I've been able to look in with my account with that crafty impute. Now, now let's city busy came for

04:27

you can see this is it for you. Find out that a four is lasts at them. Here

04:33

is the last one on this room. So that's simply to tell you that if I add the other new off this plane, everything on this train, everything would have been displayed. But because the club is just going to display only one set off detail and that's why it's a pick, the last one

04:48

in Darkest. So you guys see, I can see the person's age. All these are personal, identifiable information. Now let's look at the wall and sinful.

04:57

Wow, this is the credit card is the pain, and there's the balance. Is Adrian Bar car registration to two. So I can just till this information on dhe begin to use it where I want Now this is for it, for you can see now what's to logging.

05:13

I'm going to choose, which wants to actually make do it like I don't see jagga. Then our provides up and do or and I don't do for the four equals 44 in this case. Now I'm going to put on ash here,

05:29

but before I put the ash, I want to be able to specify those details I want to say. So I'm going to do we need one? I can do off. Say it's one so it simply means out offset one.

05:40

Hey means I want so Lim Wan, I need just one set of data. So in this case, after I want is the 2nd 1 So if you saw me, this is going to review this Akane passing

05:51

in the table.

05:54

You got seduced it, Sue

05:56

they got his wallet is in full, so I can still do the same.

06:00

I can't do the same to Yeah, I see puku

06:05

then provide up. Then I can do to equals true. Then doodly meets one, then do offsets

06:15

true in Darkest. Then I need to put on ash in this case. So separate it from the cash then submitted or you're saying try again, *** it! Something is drunk somewhere. Okay, maybe limits one. So miss it

06:29

or something is wrong in this case too. So here. Oh, there's our old idea fixing day. So it's going to be true or soup because to somebody that, yeah, it goes in ST So it's going to because pick for the top person So you can see that purposes. So that is simply our SQL injection actually walks.

06:48

Now you have seen out this works such as prevalent in sq is preventing the British system on held out system.

06:56

SQL injections constitute about 51% of cyber attacks on Web applications in the second quarter of 2007. So you guys see deciding time so post are imputed to use. This is a commenced artisan comenta These are communist also always find a way to remove them. Sanitize them from your impute stood up

07:15

your interpreter I would not for pre also

07:16

so another course is gullible interpreter Most of our interpreters are going just upset Whatever I sent to them from the front end on, they begin to interpret. So what? Impact off some of these things like we have seen you did die a special. I've been able to see

07:31

people's details from their denial of access. I can't log in then change the password on the on the actual you know? No babe, it's working again. I'm denying him off the acid

07:42

there can be completely covered. It can be data corruption like I even objects is an SQL injection. I can't believe. What about that, Carlos? I can't delete on Do any order Athenian darkies. Now

07:53

what? How do you know Prevent SQL injection? The best bet is to use a safety piak now totally avoid use off interpreter. So because we know most of those interpreters are going

08:03

so uses if FBI now avoided, then allow one is used during layout. Sanitization off in pubes

08:11

like if your beauty Oh, your application in an M v c model Emmett's mother v for view and see for controller you got sanitized it anymore. They're level. You got to sanitize it at the control I live. Then you can do black police the white least they can do Ask your limits so that

08:28

everything will not be destroyed or lots once they're black, please, for I think they are not going to be

08:33

using, like all those comments star so that wants our educational system to simply neglects them. So let's take a look at our attempted to prevent SQL injection simply by sanitization Now I'll take you through the court in Jack. Sean Jarvis. So this is more or less like my controller

08:52

where I have ingestion.

08:54

Um, the G is. I think I have a method called sanitizing Cassie to sanitize things like this upper stuff. It is like business like that on it's removed them from the impudence that user are brings in. So I'm going to, um,

09:11

go back to being a ghost is our entire. So I'm just going to call the function at this point. So here we are. Sanitize, then here I'm going to put out there. So we have a son goodbyes,

09:24

which is the name of the function. I showed your area. So does it. So I'm great toe. Say that.

09:31

Yes, I saved out. I'll go back to my court

09:35

here,

09:35

Arthur. Rerun it. So which I've just don't or are. Simply

09:43

do this. Now I'll go back to that s cure on. Enter the same thing and let's see if it will go. So I'll be on my way to end our really

09:52

These

09:54

all so equals so close to. Then I'll put on ashen napkins. So let's save it to go.

10:01

Oh, it's actually goes true, and that's simply because the application has not being fully deployed. But once we deployed correctly, I can assure you that that's will not walk. So maybe I should blogging again yet.

10:18

So here I have

10:20

a read, then here, Have, um 123 So I'm going to submit that. So let's come out to this unauthorized Claudine, then have, um,

10:33

e like essay. Oui, oui. Again.

10:35

Really? Then I put this than I do on all and one because one and puts on Ashton submits it.

10:43

Well, it still goes true. So I guess something is wrong with it. So I can assure you that at this point, I think I need to redeploy the old application. Olive, I again. But I can assure you that at this point wants you include this sanitised. It's real. Sanitize it. I mean it. I showed that those strength characters on actually

11:03

used in that case.

11:05

So that is also prevent Ask your there could be other ways or preventing its docket. So this time I didn't find the wrong statements. And this is it's a B, C or D.

11:16

Here we have SQL injection is a common solution to most vulnerabilities apart because of their own statement is not a solution in this case. So I don't want his SQL injection is on our back, in which dash code is a Saturday into strength a little pastor and his pants off the scale. Summer

11:33

one is my initials. We don't doubt clean non magicians inside my initials.

11:37

Also off taking with the introduction of SQL on ejection in which carefully crafted could ascend to the backhand to exploit the weakness of the interpreter. Then, um,

11:50

where the one off the coast this is on sanitized, impure. Then I showed your scenarios. I showed you the impact of that on outside, prevented by simply sanitizing your impure. So I guess the injection is a peek. A boo is only applicable to Web. Application is also applicable to desktop applications.