Cruel SQL Injection | Web Application Attacks | Summary - PowerPoint PPT Presentation

About This Presentation
Title:

Cruel SQL Injection | Web Application Attacks | Summary

Description:

Malicious actors continue to deploy SQL injection (SQLi) attacks to carry out their cybercriminal activities. The Threat Research team at Akamai designed a technique to categorize these attacks by examining attack payloads and determining the intent behind each attack. They analyzed 8 million SQLi attacks over a seven-day study period from Akamai's Kona Site Defender web application firewall (WAF) and distilled the information, identifying the observed attacks and their goals, as well as pertinent attack stats from the study. This presentation offers a quick view of the results. Get more details in the full State of the Internet Security Report at

Number of Views:39
Slides: 10
Provided by: Akamai
Category: Other


Transcript and Presenter's Notes

1
Q1 2015 Cruel (SQL) Intentions
2
SQLi attacks case study
  • Technique used to exploit web applications
  • Attackers change the logic of SQL statements
    executed against a database
  • Although not new, SQL injection (SQLi) attacks
    continue to pose cloud security risks
  • Attackers may use the original or more evolved
    SQLi exploitation methods
  • Automated injection tools streamline and simplify
    the process

2 / The State of the Internet / Security (Q1 2015)
3
SQLi attack categorization
  • Akamai's Threat Research team developed a
    technique to categorize SQLi attacks
  • This technique involved analyzing individual
    attack payloads and determining the intent
    behind each one
  • The data included more than 8 million SQLi
    attacks targeting more than 2,000 unique web
    applications over a period of seven days

4
SQLi attack types
  • Malicious actors typically assess a web
    application for vulnerability to SQLi
  • The database structure is probed so that the
    attacker can retrieve contents remotely
  • The login mechanism is bypassed, allowing the
    attacker to escalate privileges
  • A common and classic payload is to send
    ' OR 1=1 as the user name, then attempt to
    escalate privileges by logging in with the user
    name admin' OR 1=1--.

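The login bypass described on this slide, shown as an added example that is not code from the Akamai deck: a login check that concatenates the user name into its SQL, beside the same check with bound parameters, both run against a constructed in-memory SQLite table. The table, the user rows and the function names are assumptions made for the illustration.

```python
"""Classic login bypass (' OR 1=1--) against string-built SQL, beside the
parameterized form that defeats it. Added illustration, not code from the
Akamai deck; the users table and its rows are constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret-admin", "admin"), ("alice", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Concatenates user input into the statement, so quotes and comment
    markers in the input rewrite the WHERE clause. Returns (username, role)
    of the first matching row, or None."""
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Binds the input as parameters: the driver never lets it alter the
    statement's structure, so the whole string is compared as a user name."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def vulnerable_query_errors(conn: sqlite3.Connection, username: str) -> bool:
    """True when the concatenated statement fails to parse. A stray quote
    turning into a database error is the signal the deck's first probing
    payload looks for, which is why such errors must never reach the client."""
    try:
        login_vulnerable(conn, username, "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    bypass = "admin' OR 1=1--"
    print("probe raises error:", vulnerable_query_errors(db, "' OR 1=1"))
    print("vulnerable login:", login_vulnerable(db, bypass, "wrong"))
    print("parameterized login:", login_parameterized(db, bypass, "wrong"))
```

With the bypass string as user name and any password, the concatenated statement becomes `... WHERE username = 'admin' OR 1=1--' AND password = '...'`: the `--` comments out the password check and the tautology matches every row, so the admin row comes back. The parameterized version compares the literal string `admin' OR 1=1--` against the username column and returns nothing.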
5
SQLi attack types (continued)
  • Other SQLi attack types can include
    • Credential theft
    • Data and file exfiltration
    • Denial of Service (DoS)
    • Data corruption
    • Malicious file upload
    • Website defacement and malicious content
      injection
    • Remote command execution

6
SQLi probing and testing
  • The most common SQLi attack over the seven-day
    study period was SQLi probing and injection
    testing.
  • As a first step, malicious actors will assess all
    entry points of a web application in search of a
    vulnerability
  • The attacker will send a wide range of characters
    with syntactic meaning in SQL as well as
    blind-injection related Boolean sequences or
    timed queries
  • These queries naturally result in large volumes
    of traffic
  • Nearly 60 percent of HTTP transactions are
    attributable to these probing attempts

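One way to act on the categorization idea that slides 3, 4 and 6 describe, as an added example that is not Akamai's code or method: a small classifier that URL-decodes the payload from constructed WAF-style log lines, assigns an intent (syntax, Boolean or time-based probing, login bypass, data exfiltration, file access, denial of service, command execution) from the first matching signature, and reports what share of attack events were probes. The log format, the category names, the signature list, the credential parameter names and the sample lines are all assumptions.

```python
"""Intent categorization of SQLi payloads seen in WAF-style log lines.
Added example in the spirit of the deck's technique; not Akamai's code.
Log format, category names, signatures and sample lines are constructed."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Ordered (intent, signature) pairs; the first match wins, so the more
# specific intents are tested before the generic probing ones.
RULES = [
    ("remote_command_execution", re.compile(r"xp_cmdshell|sys_exec\s*\(", re.I)),
    ("file_access", re.compile(r"load_file\s*\(|into\s+(out|dump)file", re.I)),
    ("denial_of_service", re.compile(r"benchmark\s*\(\s*\d{6,}", re.I)),
    ("time_based_probe", re.compile(r"\bsleep\s*\(|pg_sleep\s*\(|waitfor\s+delay", re.I)),
    ("data_exfiltration", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("login_bypass", re.compile(r"'\s*or\s+['\w]+\s*=\s*['\w]+", re.I)),
    ("boolean_probe", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("syntax_probe", re.compile(r"['\";]|--|/\*")),
]
# A tautology only counts as a login bypass when it lands in a credential field.
AUTH_PARAMS = {"username", "user", "login", "password", "pass"}
PROBE_CATEGORIES = {"syntax_probe", "boolean_probe", "time_based_probe"}

# Constructed sample: "<timestamp> <client ip> <method> <path> <param>=<raw value>".
LOG_LINES = """\
2015-03-02T10:15:01Z 203.0.113.7 GET /product id=1%27
2015-03-02T10:15:02Z 203.0.113.7 GET /product id=1+AND+1%3D1
2015-03-02T10:15:03Z 203.0.113.7 GET /product id=1+AND+1%3D2
2015-03-02T10:15:04Z 203.0.113.7 GET /product id=1+AND+SLEEP%285%29
2015-03-02T10:15:09Z 203.0.113.7 GET /product id=-1+UNION+SELECT+user%2Cpassword+FROM+users
2015-03-02T10:16:10Z 203.0.113.9 POST /login username=admin%27+OR+1%3D1--
2015-03-02T10:16:11Z 203.0.113.9 POST /login username=%27+OR+1%3D1
2015-03-02T10:17:30Z 203.0.113.12 GET /search q=%27%3B+EXEC+xp_cmdshell+%27hostname%27--
2015-03-02T10:18:00Z 203.0.113.20 GET /product id=42
""".splitlines()


def parse_line(line: str) -> dict:
    """Split one log line into its fields and URL-decode the parameter value."""
    ts, ip, method, path, kv = line.split(" ", 4)
    param, _, raw = kv.partition("=")
    return {"ts": ts, "ip": ip, "method": method, "path": path,
            "param": param, "payload": unquote_plus(raw)}


def classify(param: str, payload: str) -> str:
    """Return the intent label for one decoded payload, or 'benign'."""
    for intent, sig in RULES:
        if sig.search(payload):
            if intent == "login_bypass" and param.lower() not in AUTH_PARAMS:
                return "boolean_probe"  # same tautology outside a login form
            return intent
    return "benign"


def categorize(lines) -> Counter:
    """Count events per intent over an iterable of log lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        counts[classify(rec["param"], rec["payload"])] += 1
    return counts


def probing_share(counts: Counter) -> float:
    """Fraction of attack events (benign excluded) that were probes."""
    attacks = sum(n for intent, n in counts.items() if intent != "benign")
    probes = sum(counts[intent] for intent in PROBE_CATEGORIES)
    return probes / attacks if attacks else 0.0


if __name__ == "__main__":
    c = categorize(LOG_LINES)
    for intent, n in c.most_common():
        print(f"{intent:26s} {n}")
    print(f"probing share of attacks: {probing_share(c):.0%}")
```

The rule order matters: a payload that carries both a quote and a UNION SELECT is a data-extraction attempt, not a syntax probe, so the specific signatures are tried first and the bare-quote rule last. On the constructed sample, four of the eight attack events are probes, which is the kind of ratio the deck reports at scale.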
7
Summary
  • Malicious actors use a variety of SQLi techniques
    to perform different tasks
  • These attacks can extend well beyond simple data
    exfiltration, and have the potential to cause
    more damage than a data breach
  • It is not safe to assume that SQLi attacks lead
    only to data theft
  • Privilege escalation, command execution, data
    infection or corruption, and denial of service
    are among the many ways these attacks can harm
    your business

8
Q1 2015 State of the Internet Security Report
  • Download the Q1 2015 State of the Internet
    Security Report
  • The Q1 2015 report covers
    • Analysis of DDoS and web application attack
      trends
    • Bandwidth (Gbps) and volume (Mpps) statistics
    • Year-over-year and quarter-by-quarter analysis
    • Attack frequency, size, types and sources
    • Security implications of the transition to IPv6
    • Mitigating the risk of website defacement and
      domain hijacking
    • DDoS techniques that maximize bandwidth,
      including booter/stresser sites
    • Analysis of SQL injection attacks as a persistent
      and emerging threat

9
About stateoftheinternet.com
  • StateoftheInternet.com, brought to you by Akamai,
    serves as the home for content and information
    intended to provide an informed view into online
    connectivity and cybersecurity trends as well as
    related metrics, including Internet connection
    speeds, broadband adoption, mobile usage,
    outages, and cyber-attacks and threats.
  • Visitors to www.stateoftheinternet.com can find
    current and archived versions of Akamai's State
    of the Internet (Connectivity and Security)
    reports, the company's data visualizations, and
    other resources designed to put context around
    the ever-changing Internet landscape.
