1. How do SQL injection attacks happen? Types of SQL injection attacks.

SQL injection attacks happen when an attacker is able to inject malicious SQL code into a database query in order to trick the database into executing unintended actions. This is often possible because of poor security practices, such as not properly validating user input before incorporating it into a SQL query. For example, if an application is supposed to only allow users to enter numbers into a form field, but it doesn't properly validate the input, an attacker could enter malicious SQL code into the form field, which could then be executed by the database when the query is run.

There are several types of SQL injection attacks, including:

● In-band SQL Injection: In this type of attack, the attacker uses the same channel to both launch the attack and gather the results.
● Inferential SQL Injection: In this type of attack, the attacker does not directly see the results of their attack, but can infer them based on the changes in the application's behavior.
● Out-of-band SQL Injection: In this type of attack, the attacker uses a different channel to gather the results of the attack, such as making an HTTP request to a server that is under their control.
● Blind SQL Injection: In this type of attack, the attacker is unable to directly see the results of their attack, and must rely on other techniques, such as asking the database true or false questions, to gather information.

2. How to defend against SQL Injection attacks?

There are several ways to defend against SQL injection attacks, including:

● Properly validating user input: It is important to validate all user input to ensure that it is of the correct type and format before incorporating it into a SQL query. This can help to prevent attackers from injecting malicious code into the query.
● Using parameterized queries: Parameterized queries, also known as prepared statements, allow you to specify the parameters of a query separately from the SQL code itself. This can help to prevent SQL injection attacks because the database will treat the parameters as separate values rather than part of the SQL code.
● Escaping special characters: Special characters, such as single quotes and semicolons, can be used by attackers to terminate a SQL query and inject their malicious code. Escaping these characters, which involves adding a backslash before them, can help to prevent SQL injection attacks.
● Implementing least privilege: It is important to ensure that the database user account has the minimum level of privileges necessary to perform its functions. This can help to prevent attackers from gaining access to sensitive data or performing unauthorized actions on the database.
● Regularly patching and updating: It is important to regularly patch and update your database management system and any other software that interacts with the database, as these updates often include security fixes that can help to prevent SQL injection attacks.

3. Common Flaws and Web Server Attack Methods.

● Misconfiguration
One common web server attack method is misconfiguration. This occurs when a web server is not properly configured, which can lead to security vulnerabilities. Misconfiguration can also occur if an administrator fails to update the web server software or apply security patches, which can leave the server open to known vulnerabilities.
To defend against misconfiguration attacks, it is important to properly configure the web server and regularly update and patch the server software. It is also important to disable any unnecessary services or features on the server and to set strong and unique passwords for all user accounts.

● Input Validation
Input validation is a technique that can help to prevent web server attacks by ensuring that all user-supplied input is valid and properly formatted before it is processed by the server. This can help to prevent attackers from injecting malicious code or other malicious input into the server, which could be used to gain unauthorized access or perform unauthorized actions.
To implement input validation, you can use a combination of techniques, such as properly validating input data type and format, sanitizing input data, and using whitelists.

● Cross-Site Scripting
Cross-Site Scripting (XSS) is a type of web server attack in which the attacker injects malicious JavaScript code into a web page in order to steal sensitive information from users or perform other unauthorized actions. This type of attack is possible because many web applications do not properly validate user-supplied input, which allows attackers to inject malicious code into the web page.
To defend against XSS attacks, it is important to properly validate all user-supplied input and sanitize it to remove any potentially harmful characters or code. This can help to prevent attackers from being able to inject malicious code into the web page.

● Unvalidated Redirects and Forwards
Unvalidated redirects and forwards are a type of security vulnerability that can occur in web applications. This type of vulnerability occurs when a web application allows users to specify a URL to which the application will redirect or forward them, without properly validating the URL.
To defend against unvalidated redirects and forwards, it is important to properly validate all user-supplied URLs before redirecting or forwarding the user to that URL.

● Insecure Logon Systems
Insecure logon systems are a type of security vulnerability that can occur in web applications. This type of vulnerability occurs when a web application's logon system is not properly designed or implemented, which can make it easy for attackers to gain unauthorized access to the application. There are several ways that a logon system can be insecure, including lack of password complexity requirements, lack of password expiration, lack of password history, and lack of account lockout.
To defend against insecure logon systems, it is important to implement strong password requirements and policies.

● Scripting Errors
Scripting errors are a type of security vulnerability that can occur in web applications. This type of vulnerability occurs when a web application contains errors or bugs in its scripting language, such as JavaScript or PHP, which can be exploited by attackers to gain unauthorized access or perform unauthorized actions on the application. Scripting errors can occur for a variety of reasons, including poorly written code, lack of testing, and use of outdated or unsupported libraries.
To defend against scripting errors, it is important to properly test and validate all code before deploying a web application and use only supported and up-to-date libraries and frameworks in your code.

● Session Management Issues
Session management issues are a type of security vulnerability that can occur in web applications. This type of vulnerability occurs when a web application does not properly manage user sessions, which can allow attackers to gain unauthorized access to the application or perform unauthorized actions. There are several ways that session management issues can arise, including insecure session IDs, lack of session expiration, and lack of session protection.
To defend against session management issues, it is important to implement strong session management practices, such as using secure and randomly generated session IDs, regularly expiring inactive sessions, and protecting user sessions with encryption and other security measures. Additionally, you should regularly monitor and audit your web application's session management practices to ensure that they are secure and effective.

● Protecting Cookies
Cookies are small pieces of data that are used by web applications to store information about users and their interactions with the application. Cookies are typically stored on the user's computer and are sent back to the web application each time the user makes a request to the application. Cookies are a useful tool for web applications, but they can also be a security risk if they are not properly protected.
To protect cookies, it is important to implement the following measures: use secure cookies, use HTTP-only cookies, and use short expiration times.

● Encryption Weaknesses
Encryption is a method of encoding information to prevent unauthorized access. In a web application, encryption is used to protect sensitive information, such as user passwords, credit card numbers, and other personal data. But if an application's encryption is not properly implemented or configured, it can be vulnerable to attack.
To protect against encryption weaknesses, it is important to implement strong encryption practices, such as using strong encryption algorithms and regularly updating and renewing encryption keys. Effective measures for protecting against encryption weaknesses include using secure protocols, implementing key management, and educating users.

● Directory Traversal Attacks
Directory traversal attacks are a type of security vulnerability that can occur in web applications. This type of attack allows an attacker to access files and directories on a web server that they are not normally allowed to access.
To defend against directory traversal attacks, it is important to properly validate and sanitize all user-supplied input, including path information. This can help to prevent attackers from manipulating the path information in a way that allows them to access restricted files and directories.

4. Injection Flaws

Injection flaws are a type of security vulnerability that occurs when an attacker is able to inject malicious code or data into a web application in order to gain unauthorized access or perform unauthorized actions. There are several different types of injection flaws, including:

● SQL injection: This type of attack involves injecting malicious SQL code into a web application's database query in order to gain unauthorized access to sensitive data or perform unauthorized actions on the database. Tools: SQL Map, BBQSQL, NoSQL Map, jSQL, DSSS
● Command injection: This type of attack involves injecting malicious commands into a web application in order to gain unauthorized access to the server or perform other unauthorized actions. Tools: Commix
● LDAP injection: This type of attack involves injecting malicious LDAP commands into a web application in order to gain unauthorized access to an LDAP directory or perform other unauthorized actions. Tools: LDAP-Injector

5. Web Server Application Pen Testing.

● Authentication Testing
● Session Management Testing
● Data Validation Testing

6. How to do the penetration testing of DDOS (Denial of Service) Attack?

7. How does the attacker communicate successfully in the man-in-the-middle attack?

8. How to do the Network Scanning Penetration testing.
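
Added example for sections 1 and 2 (not part of the original notes): the number-only form field from section 1, first concatenated into the query, then as a parameterized query, then with input validation in front of it. The `accounts` table, its rows and the function names are constructed for illustration, using Python's built-in `sqlite3`.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data, for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(1, "alice", 120), (2, "bob", 75), (3, "carol", 310)])
    return db

def lookup_vulnerable(db, field_value):
    # Vulnerable: the form value becomes part of the SQL text, so the
    # database parses whatever was typed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE id = " + field_value
    return db.execute(sql).fetchall()

def lookup_parameterized(db, field_value):
    # The SQL text is fixed; the value is bound separately and is only
    # ever compared as data, never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE id = ?"
    return db.execute(sql, (field_value,)).fetchall()

def lookup_validated(db, field_value):
    # Validation in front of the parameterized query: the field must be
    # a short run of ASCII digits, anything else is rejected outright.
    if not re.fullmatch(r"[0-9]{1,9}", field_value):
        raise ValueError("account id must be a number")
    return lookup_parameterized(db, int(field_value))

if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed non-numeric input for the demo
    print("vulnerable, normal :", lookup_vulnerable(db, "2"))
    print("vulnerable, crafted:", lookup_vulnerable(db, crafted))
    print("parameterized      :", lookup_parameterized(db, crafted))
    try:
        lookup_validated(db, crafted)
    except ValueError as exc:
        print("validated          : rejected,", exc)
```

The concatenated query returns every row for the crafted value, while the parameterized query returns none because the whole string is compared against `id` as a single value.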
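
Added example for the Directory Traversal item in section 3 (not part of the original notes): one way to validate user-supplied path information is to resolve it and confirm the result is still inside the served directory. The function name `resolve_inside` and the `webroot`/`private` layout are constructed for illustration.

```python
import tempfile
from pathlib import Path

def resolve_inside(base_dir, user_path):
    """Return the real path of user_path under base_dir, or raise ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks, so the containment check
    # runs on the location the file system would actually open. An absolute
    # user_path replaces base in the join and therefore fails the check too.
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path leaves the base directory: {user_path!r}") from None
    return candidate

def demo():
    # Constructed layout: <tmp>/webroot is served, <tmp>/private is not.
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        webroot, private = Path(tmp, "webroot"), Path(tmp, "private")
        (webroot / "docs").mkdir(parents=True)
        private.mkdir()
        (webroot / "docs" / "guide.txt").write_text("public")
        (private / "keys.txt").write_text("not served")
        (webroot / "link").symlink_to(private)  # symlink pointing out of webroot
        requests = {
            "plain": "docs/guide.txt",
            "dotdot-inside": "docs/../docs/guide.txt",
            "dotdot-escape": "docs/../../private/keys.txt",
            "absolute": str(private / "keys.txt"),
            "symlink-escape": "link/keys.txt",
        }
        for label, path in requests.items():
            try:
                resolve_inside(webroot, path)
                verdicts[label] = "allowed"
            except ValueError:
                verdicts[label] = "rejected"
    return verdicts

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:15} {verdict}")
```

Checking the resolved path, rather than searching the input string for `..`, is what lets the same test also cover absolute paths and symlinks that point outside the base directory.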