1
00:00:00,210 --> 00:00:08,070
SQL injection derives from the possibility of injecting malicious data, in the form of SQL

2
00:00:08,070 --> 00:00:17,850
code, through any input channel, such as query-string parameters sent via the HTTP GET method or the fields of a

3
00:00:17,850 --> 00:00:27,840
data-entry form sent via POST. The malicious SQL code changes, server side, the legitimate query that the

4
00:00:27,840 --> 00:00:34,200
programmer wanted to run on the DBMS. By means of SQL injection

5
00:00:34,200 --> 00:00:42,810
an attacker can even go so far as to call system stored procedures and therefore directly interact

6
00:00:42,960 --> 00:00:47,880
with the server hosting the web application or the DBMS.

7
00:00:49,660 --> 00:00:58,570
The slide scenario illustrates the possibility for an attacker to bypass a login page by exploiting

8
00:00:58,570 --> 00:01:00,970
an SQL injection vulnerability.

9
00:01:03,410 --> 00:01:12,410
As you can see, by injecting a malicious input, an SQL query is created that allows an attacker

10
00:01:12,410 --> 00:01:14,900
to bypass the login page.

11
00:01:17,870 --> 00:01:27,590
SQL injection attack techniques can make use of operators such as the UNION operator to build

12
00:01:27,600 --> 00:01:34,670
queries completely under the control of the attacker, as can be seen in the current slide.

13
00:01:36,720 --> 00:01:45,090
Among the best remedies to counter SQL injection is to create parametric queries server side,

14
00:01:45,300 --> 00:01:53,340
avoiding concatenating the data from inputs with constant pieces of SQL. In the slide

15
00:01:53,370 --> 00:01:58,290
we see an example of a parametric query created in Java.

16
00:01:59,460 --> 00:02:04,110
Let's see the continuation of the parametric query example in Java.

17
00:02:06,680 --> 00:02:14,540
Here is also an example in C# of a parametric query to avoid SQL injection vulnerabilities.

18
00:02:16,610 --> 00:02:27,860
Here is where the ADO.NET-based parametric query is created and executed. Incidentally, if LINQ to

19
00:02:27,860 --> 00:02:33,150
Entities or LINQ to SQL is used to query databases,

20
00:02:33,620 --> 00:02:37,240
the problem of SQL injection does not exist.

21
00:02:39,580 --> 00:02:47,620
And here is another example of mitigation using a parametric query in a PHP web application.

22
00:02:50,900 --> 00:02:56,300
Some in-depth links on the SQL injection vulnerability.

23
00:02:59,010 --> 00:03:07,960
We can see here a list of best practices taken from the OWASP secure coding guidelines about DBMS

24
00:03:07,980 --> 00:03:17,370
security. For example, use a least-privilege policy when accessing the database, or do not leave

25
00:03:17,610 --> 00:03:23,310
the connection-string authentication credentials hard-coded in the source code.

26
00:03:25,630 --> 00:03:34,960
Some other best practices on database security, such as disabling any unused DB default accounts.

27
00:03:37,330 --> 00:03:39,310
Thank you so much for your kind

28
00:03:39,340 --> 00:03:39,870
attention.
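The login bypass, the UNION-based data extraction and the parametric-query remedy described in the lecture, as an added worked example that is not part of the lecture or its slides. The slides show Java, C# and PHP; this example uses Python's standard `sqlite3` module as a stand-in driver because it runs without any server. The `users` table and its two rows are constructed sample data, and the function names (`login_vulnerable`, `login_parametric`, `lookup_vulnerable`, `lookup_parametric`) are this example's own.

```python
"""Added example: SQL injection via string concatenation vs. a parametric query."""
import sqlite3


def make_db():
    # Constructed sample data: two users whose passwords the attacker does not know.
    # Passwords are stored in clear only to keep the example short; real code stores hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.execute("INSERT INTO users (username, password, role) VALUES ('alice', 's3cret!', 'admin')")
    conn.execute("INSERT INTO users (username, password, role) VALUES ('bob', 'hunter2', 'user')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Login check built by concatenation: the input becomes part of the SQL code.

    With password = "' OR '1'='1" the query becomes
        ... WHERE username = 'x' AND password = '' OR '1'='1'
    which is true for every row, so the first user is returned without a valid password.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parametric(conn, username, password):
    """Same check as a parametric query: the values travel separately from the SQL text,
    so a quote or an OR inside them is compared as data, never parsed as code."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def lookup_vulnerable(conn, username):
    """Profile lookup built by concatenation. An input such as
        nobody' UNION SELECT password FROM users --
    appends a second SELECT chosen by the attacker; the trailing -- comments out the
    closing quote, so the result set now contains every stored password."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [r[0] for r in conn.execute(sql).fetchall()]


def lookup_parametric(conn, username):
    """Parametric version of the lookup: the UNION payload is simply a username that
    matches nobody, so the result is empty."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [r[0] for r in conn.execute(sql, (username,)).fetchall()]


if __name__ == "__main__":
    conn = make_db()
    bypass = "' OR '1'='1"
    union = "nobody' UNION SELECT password FROM users --"
    print("vulnerable login with bypass payload:", login_vulnerable(conn, "nobody", bypass))
    print("parametric login with bypass payload:", login_parametric(conn, "nobody", bypass))
    print("vulnerable lookup with UNION payload:", lookup_vulnerable(conn, union))
    print("parametric lookup with UNION payload:", lookup_parametric(conn, union))
```

The placeholder syntax differs by driver (`?` in `sqlite3` and JDBC, `@name` in ADO.NET, `:name` or `?` in PDO), but the principle the lecture describes is the same in each: the SQL text is fixed by the programmer and the input is only ever bound as a value.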