1. One reasearch database injection attack,research and discuss the mitigation for that specific threat. Please show...

question1).

One reasearch database injection attack,research and discuss the mitigation for that specific threat.
Please show Citation.

answer)

SQL INJECTION ATTACT

SQL Injection (SQLi) is an injection attack where an attacker executes malicious SQL statements to control a web application’s database server, thereby accessing, modifying and deleting unauthorized data.

In the early days of the internet, building websites was a simple process: no JavaScript, no, CSS and few images. But as the websites gained popularity the need for more advanced technology and dynamic websites grew. This led to the development of server-side scripting languages like JSP and PHP. Websites started storing user input and content in databases. MySQL became the most popular and standardized language for accessing and manipulating databases. However, hackers found new ways to leverage the loopholes present in SQL technology. SQL Injection attack is one of the popular ways of targeting databases. SQL Injection targets the databases using specifically crafted SQL statements to trick the systems into doing unexpected and undesired things.

What can SQL Injection do?

There are a lot of things an attacker can do when exploiting an SQL injection on a vulnerable website. By leveraging an SQL Injection vulnerability, given the right circumstances, an attacker can do the following things:

• Bypass a web application’s authorization mechanisms and extract sensitive information
• Easily control application behavior that’s based on data in the database
• Inject further malicious code to be executed when users access the application
• Add, modify and delete data, corrupting the database, and making the application or unusable
• Enumerate the authentication details of a user registered on a website and use the data in attacks on other sites

It all depends on the capability of the attacker, but sometimes an SQL Injection attack can lead to a complete takeover of the database and web application. Now, how does an attacker achieve that?

How do SQL Injection attacks work?

A developer usually defines an SQL query to perform some database action necessary for his application to function. This query has one or two arguments so that only desired records are returned when the value for that argument is provided by a user.

An SQL Injection attack plays out in two stages:

1. Research: Attacker gives some random unexpected values for the argument, observes how the application responds, and decides an attack to attempt.
2. Attack: Here attacker provides carefully crafted value for the argument. The application will interpret the value part of an SQL command rather than merely data, the database then executes the SQL command as modified by the attacker.

EXAMPLE

Consider the following example in which a website user is able to change the values of ‘$user’ and ‘$password’, such as in a login form:

1$statement ="SELECT * FROM user where username = '$user' AND password '$passw' "

This particular SQL statement is passed to a function which in turn sends the string to the connected database where it is parsed, executed and returns a result.

#Define POST variables

uname = request.POST['username']

passwd = request.POST['password']

#SQL query vulnerable to SQLi

sql = “SELECT id FROM users WHERE username=’” + uname + “’ AND password=’” + passwd + “’”

#Execute the SQL statement

database.execute(sql)

Now, if the input is not properly sanitized but the application, the attacker can easily insert carefully crafted value as input. For example something like:

1$statement ="SELECT * FROM user where username = 'dean' OR '1'='1'- -' AND password ='Winchesters' ";

So, what’s happening here? The highlighted part is the attacker’s input, it contains 2 special parts:

• OR ‘1’ = ‘1’ is a condition that will always be true, thereby it is accepted as a valid input by the application
• –(double hyphen) instructs the SQL parser that the rest of the line is a comment and should not be executed

Once the query executes, the SQL injection effectively removes the password verification, resulting in an authentication bypass. The application will most likely log the attacker in with the first account from the query result — the first account in a database is usually of an administrative user.

Note that this is just one way of exploiting the SQL Queries to get the necessary information in an unofficial way. SQL Injection attacks are divided into multiple types.

question2).

Describe an instance of a data breach that has been made public in the news.
Describe the cause of the breach.

Investigate what mitigation could have been put in place to avoid the data breach.

answer)

an instance of a data breach that has been made public in the news.

• Idaho Power Co. (Boise, ID): Four hard drives sold on eBay in 2006 contained hundreds of thousands of confidential documents, employee names and SSNs, and confidential memos to the CEO.
• A computer at Loyola University containing names, Social Security numbers, and some financial aid information for 5800 students was disposed of before the hard drive was wiped.
• The Georgia Dept. of Human Resources notified parents of infants born between 4/1/06 and 3/16/07 that paper records containing parents' SSNs and medical histories -- but not names or addresses -- were discarded without shredding.
• Boston Globe used recycled paper containing credit, debit card, and personal check routing information for printing and for wrapping newspaper bundles for distribution. As many as 240,000 records were potentially exposed.
• Photocopiers that were used to copy sensitive medical information were sent to be re-sold without wiping the hard drives. The data was discovered in the warehouse storing the copiers.

mitigation could have been put in place to avoid the data breach.

• Destroy or securely delete sensitive data prior to re-use or disposal of equipment or media. For information on how to securely delete files, see PC/Mac, or email.
• Work with Copy Services or ITS to securely erase printers, fax machines and photocopiers before disposal, resale or returning them to the vendor.
• Shred sensitive paper records before disposing of them. Do not re-use them where the information could be exposed.