Everything you wanted to know about SQL injection
Nathan E Botts

But were afraid to ask...

From the Troy Hunt Article:

Put on your black hats folks, it’s time to learn some genuinely interesting things about SQL injection. Now remember – y’all play nice with the bits and pieces you’re about to read, ok?

SQL injection is a particularly interesting risk for a few different reasons:

  • It’s getting increasingly harder to write vulnerable code due to frameworks that automatically parameterise inputs – yet we still write bad code.
  • You’re not necessarily in the clear just because you use stored procedures or a shiny ORM (you’re aware that SQLi can still get through these, right?) – we still build vulnerable apps around these mitigations.
  • It’s easily detected remotely by automated tools which can be orchestrated to crawl the web searching for vulnerable sites – yet we’re still putting them out there.

It remains number one on the OWASP Top 10 for a very good reason – it’s common, it’s very easy to exploit and the impact of doing so is severe. One little injection risk in one little feature is often all it takes to disclose every piece of data in the whole system – and I’m going to show you how to do this yourself using a raft of different techniques.
I demonstrated how to protect against SQLi a couple of years back when I wrote about the OWASP Top 10 for .NET developers so I’m not going to focus on mitigation here, this is all about exploiting. But enough of the boring defending stuff, let’s go break things!


How to Protect Your Privacy as More Apps Harvest Your Data

A New York Times Personal Tech series article by Brian X. Chen

Retrieved By Health eConsultation

In this article, Brian X. Chen of the New York Times discusses some of the ways in which mobile apps that you download to your phone may be collecting and using your personal data in ways you did not know.

One of the key takeaways is that there are ways in which to protect yourself and tools that can help you figure out which apps are collecting your data and how to remove their ability to do so.

Stay Private: How to Hide Your Webcam, Mute Your Mic, and Turn Off Notifications

An article from Zapier

Nathan E Botts

One consideration as you gather and store more personal health information on your computer and devices is making sure that you are not inadvertently sharing this information (or some other aspect of your personal health) through your webcam or mic.

This article from Zapier outlines several different ways, and some handy applications, that can help you control this on your PC or Mac.

Determining the Value of Compromising Your Privacy

An article from Engadget

Nathan E Botts

This article from the Engadget web magazine discusses how your online searching behaviors might be monitored by different companies that you are unaware of. This data is likely used to build profiles that may impact the advertisements you see, the credit ratings you receive, and other potential social network aspects not yet identified.

Sharing Sensitive Health Information: Protect Your Privacy and Improve Your Health

A guide from the Office of the National Coordinator for Health Information Technology

Nathan E Botts

This 2-page, ONC-published graphic novel (aka comic book) is a short guide that helps illustrate why protecting your health privacy is important and which issues to consider when sharing sensitive health information.

What is Health eDefense?

Health eDefense is the act of protecting your personal health information. This not only protects your privacy, security, and safety, but also protects the data of your family, friends, and others in your community.

The Health eDefense platform is dedicated to providing consumers with actionable information on how to protect their personal health information effectively from cyber threats. Health eDefense provides informational content and education related to cyber security, privacy and consent, security, and related topics and policies such as HIPAA and GDPR.

Cyber security is impacting our daily lives, and our personal and protected health information is a target for hackers and criminals looking to make money off of our personal data. Your personal health data will always be about your health, demographics, social, lifestyle, financial history, and other related details. Once taken, they cannot be taken back.

We think the best cybersecurity tool is education and awareness, and we hope to provide users with tools and insight to protect themselves and their data better.