Keerthika K

SQL Injection (Got a place in the OWASP Top 10) 🧑🏻‍💻

Definition:
As the name says, the attacker injects malicious SQL code into the queries an application sends to its database, by way of user input fields.

Are these harmful?⚠️
These queries can retrieve, modify, or delete data (data integrity issue), escalate privilege, and give unauthorized access to sensitive data. Sooo, leaving it to you to decide whether it’s harmful or not… 😏


Occurs Due To…? 🤔
Mostly the developer! 👨‍💻👩‍💻 Yes, you heard that right. Whenever developers do not properly validate input and simply splice it into the SQL text sent to the database, the bad guys (attackers) take advantage of it.
Example:
select * from bank where user_id=1867 or 1=1
Since 1=1 is always true, the WHERE clause matches every row: the intended check on user_id is bypassed and the query succeeds, returning the whole table instead of one account.


Wanna know deeper..? Let's explore the types of SQL injection (mainly 5) 🔍

  1. In-band SQL Injection: Same as above. Here, the attacker uses the application interface itself to send the query and read the result. As simple as that, but extremely common ⚡
  2. Out-of-band SQL Injection: Rare but dangerous 😈 (evil laugh). Bad guys use a different communication channel (not the application's own response) to pull data out of the database.
  3. Error-based: Learning from flaws 🪲 Yes, the attackers do this too. They learn about the DB structure/schema from error messages and use them for attacks.
  4. Blind SQL Injection: Try, try, try... 🎯 Ahhh, the attackers follow this too. They observe how the application behaves under different boolean conditions and gather info about the DB one true/false answer at a time.
  5. Time-based SQL Injection: Delayed time ⏳—no worry, unless the query runs successfully. Attackers send a query with a time delay and, based on response time, can tell if their query worked or flopped. Example: select * from user where id=265 and sleep(5);

Prevention is Better than Cure 🛡️ (Maintain hygienic practices in coding too 😭😭)

  1. ✅ Use prepared statements & parameterized queries: these treat user input as 'data', never as part of the SQL query text.
  2. 📦 Stored procedures can avoid dynamic construction of SQL queries (as long as the procedure itself does not build SQL strings from its parameters).
  3. 📝 Whitelist input by validating it (type, length, allowed characters) before using it in queries.
  4. ⚙️ Use ORM frameworks (Hibernate, Entity Framework), as these automatically handle query generation and parameterize values for you.
  5. 🔒 Restrict privileges and grant only what each user needs: don't allow DROP or ALTER permissions for everyone.
  6. 🐞 Handle errors wisely by displaying only generic messages to the user and keeping the details in server-side logs.
  7. 🛠️ Use automated tools like SQLMap, Burp Suite, OWASP ZAP for scanning your own applications for vulnerabilities.
  8. 🕵️ Perform regular penetration testing with a pen tester.
  9. 📚 Follow secure coding practices and educate everyone around you.
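To see points 1, 3 and 6 in action, here is an added example (mine, not from the original post) using Python's sqlite3 driver and a constructed in-memory "bank" table. It contrasts the string-concatenated lookup behind the `1867 or 1=1` example above with a parameterized query, plus a whitelist check that rejects anything but a plain integer id.

```python
import sqlite3

# Constructed sample data: a tiny "bank" table like the one in the post.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bank (user_id INTEGER, owner TEXT, balance REAL)")
    conn.executemany(
        "INSERT INTO bank VALUES (?, ?, ?)",
        [(1867, "alice", 120.0), (2001, "bob", 5400.0), (3333, "carol", 42.5)],
    )
    return conn

def lookup_vulnerable(conn, user_id_input):
    # String concatenation: whatever the user typed becomes part of the SQL text,
    # so "1867 or 1=1" turns the WHERE clause into a match-everything condition.
    sql = "SELECT user_id, owner FROM bank WHERE user_id=" + user_id_input
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, user_id_input):
    # Parameterized query: the driver binds the input as a value, never as SQL.
    # The same "1867 or 1=1" string is now just a literal that matches no row.
    sql = "SELECT user_id, owner FROM bank WHERE user_id=?"
    return conn.execute(sql, (user_id_input,)).fetchall()

def lookup_safe(conn, user_id_input):
    # Whitelist validation first: a user id must be a plain decimal integer.
    # The error message is generic (point 6); no SQL or schema details leak out.
    if not user_id_input.isdigit():
        raise ValueError("invalid user id")
    sql = "SELECT user_id, owner FROM bank WHERE user_id=?"
    return conn.execute(sql, (int(user_id_input),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "1867 or 1=1"
    print("vulnerable:", lookup_vulnerable(db, payload))    # every row leaks
    print("parameterized:", lookup_parameterized(db, payload))  # [] nothing
    try:
        lookup_safe(db, payload)
    except ValueError as exc:
        print("safe:", exc)                                  # rejected up front
```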

So I am concluding by saying ✨
"Stay aware, build wise, stay safe." 💡
Thank you for reading 🙂
If you have any doubts, kindly drop them in the comment section 🤷
What topic should I cover nexttt..?