secure programming laboratory 3 injection
play

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur - PowerPoint PPT Presentation

Nov 24, 2022 •11 likes •81 views

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th March 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

  1. Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th March 2019

  2. Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other resources are available online via the course web page.

  3. What is this lab about? Discussion of previous lab / coursework part 1 ◮ If you have question about the last two labs or the coursework part 1, ask us. Basic SQL Injection ◮ Task 1 Revisiting SQL Statements ◮ Task 2 ~ 3 SQL Injection Attack (in PHP) ◮ Task 4 Countermeasure for SQL Injection Additional Challenges ◮ Question A1 Second order SQL injection (in Java) ◮ Question A2 Linkers and dynamic library injection

  4. What do we hope you will learn? ◮ Revisiting SQL Statements ◮ Understanding SQL injection and countermeasures ◮ Understanding second order SQL injection and countermeasures ◮ Understanding the dynamic linker and code injection

  5. Warning ◮ You will be attacking a web server, be careful not to execute your command outside of the Seed lab. ◮ You will be attacking the web server on the URL http://www.SEEDLabSQLInjection.com . We have modified the host file in the seed lab to point this URL to the localhost of the SEED Lab. Don’t change this setting, it prevents you from attacking the dice environment or the real network. ◮ ALWAYS KEEP YOUR ATTACKS WITHIN THE SEED LAB ENVIORNMENT

  6. Solutions and Checkpoints You do not need to submit a lab report to us, but please keep answers to the checkpoint questions for your own use, to check your understanding and when revising the material for the lab. Please do not post solutions on any forum. If solutions are distributed it will spoil the experience for other students using SEED labs around the world. During the lab we will provide individual help and guidance, and also make announcements during the lab with hints and tips. You can always discuss the checkpoint question or any materials with us during the lab section or through Piazza.

  7. Good Luck! We hope you enjoy the lab.

Recommend

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen / David Aspinall 1st November 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur (in abstentia),

536 views • 8 slides
Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan / David Aspinall 13th February 2019 Orientation This is the second Laboratory Session for Secure Programming It is convened by Arthur and David. The

332 views • 14 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and

556 views • 8 slides
Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall 27th March 2019 Orientation This is the final Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

113 views • 8 slides
Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th October 2019 Orientation This is the first Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

570 views • 11 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th March 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

441 views • 8 slides
VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331:

VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331:

VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is SQL Injection? Manipulating query strings to execute code Injecting SQL commands into

379 views • 9 slides
VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020

VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020

VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is OS Command Injection Executing arbitrary commands on the host OS via a vulnerable

272 views • 8 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: "SELECT

445 views • 32 slides
Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics

Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics

Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics @ Edinburgh 14th March 2014 What is this lab about? Web app security with Gruyere Lab from Google Worth working through Were just

84 views • 5 slides
Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Systems and Software Verification Laboratory Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Secure C Programming Lucas Cordeiro (Formal Methods Group)

1.63k views • 144 slides
Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert Felty Speech Research Laboratory Indiana University Sep. 08, 2008 Network tools ssh secure remote login to another computer sftp secure file

594 views • 38 slides
5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring

5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring

5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring Term 2016 Berner Fachhochschule | Haute cole spcialise bernoise | Berne University of Applied Sciences 1 Table of Contents Injection in PHP

995 views • 73 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch: As a rule, proton/ion accelerators need their full aperture at injection, thus avoiding mismatch allows a beam of larger normalized emittance * and containing more Protons. In proton/ion ring accelerators any Injection

454 views • 4 slides
A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application into executing commands or code embedded in data Data and code mixing! Often injected into interpreters SQL, PHP, Python, JavaScript, LDAP,

377 views • 14 slides
INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

TECHNOLOGY APPLICATIONS FOR HYDRO ISOLATION AND REPAIR OF UNDERGROUND FACILITIES INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible mass of mineral origin, for both dry and wet surfaces solvent-free,

487 views • 21 slides
INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

TECHNOLOGY APPLICATIONS FOR HYDRO ISOLATION AND REPAIR OF UNDERGROUND FACILITIES INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible mass of mineral origin, for both dry and wet surfaces solvent-free,

466 views • 29 slides
Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday,

Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday,

Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday, October 22, 13 One-slide summary Secure programming on a conventional OS is intractable Privilege-aware OSs take secure programming from

2.28k views • 195 slides
CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs 5:00-6:20PM Deian Stefan UC San Diego Who am I? New assistant professor PhD at Stanford (Mazieres & Mitchell) I like to build secure

896 views • 50 slides
SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request

SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request

SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request forgery Code Injection Attacks Attacker executes arbitrary code on server Programming the program Not sanitizing user

287 views • 11 slides
Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that are Ubiquitous Connected Dependable Complexity Unforeseen Consequences Software Security Today The line between secure/insecure is

624 views • 48 slides
Injection Safety Every Provider s Responsibility Outline Safe Injection

Injection Safety Every Provider s Responsibility Outline Safe Injection

Injection Safety Every Provider s Responsibility Outline Safe Injection Practices The ONE and ONLY Campaign Outbreak History Mistaken Beliefs A Call to Action Resources and Information

591 views • 20 slides
Return-oriented Programming: Exploitation without Code Injection Erik Buchanan, Ryan Roemer,

Return-oriented Programming: Exploitation without Code Injection Erik Buchanan, Ryan Roemer,

Return-oriented Programming: Exploitation without Code Injection Erik Buchanan, Ryan Roemer, Stefan Savage, Hovav Shacham University of California, San Diego Bad code versus bad behavior Bad code versus bad behavior Bad Bad Good

548 views • 53 slides

More recommend