Down in the weeds with sqlmap

Here I plan to take a look at sqlmap and the capabilities it provides for identifying weaknesses in security so that they can be addressed before a breach occurs. The tool sqlmap, like many tools, can be used for both good and bad depending upon the role of the individual. I approach this tool as a mechanism to perform penetration testing in order to uncover vulnerabilities that otherwise may go unnoticed. If you are not sure what sqlmap is, the best way I can define it is as an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and possibly taking control of the database services. The databases sqlmap supports are MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems. Of course, there are so many features of sqlmap that it would take a great deal of time to cover them all. For the purpose of this article, I will focus on gaining visibility into a given database; this visibility includes tables, columns, user accounts, database roles, and of course the data. The more advanced …

Attacking a database with SQL Ninja

I find it absolutely amazing that SQL injection is still a large problem when it comes to application security. The fact is this type of injection attack is not overly difficult to mitigate; rather, the fact is many developers do not understand the inherent flaws they inject into an application. The purpose of this post is to both educate and introduce a great tool named SQL Ninja, which is a tool targeted to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB server when a SQL injection vulnerability has been discovered. Before going any further I must state that this tool should NOT be used on any system that you do not own or have authorization to attack. This type of attack can land you in trouble with the law, so consider yourself warned. If you’re just getting started with application security then take a few minutes to watch this video presentation from SANS Security. Installing …

August 2012: .NET SQL Server Database Code Snippets

How many times have you looked for a piece of code you’ve written in the past? You probably search high and low on your hard drive, scouring through past projects and code files. Or maybe you’ve tried searching your source code control repository with unsuccessful results. How much time do you waste looking for a particular routine only to not find it, which then causes you to rewrite the routine all over again? Let’s face it, as developers we beg, borrow, and steal as much code as we can in order to get our jobs done as quickly as possible. After all, the grand utopian vision of developers is code reuse – the ability to write blocks of code once and then reuse them again and again without having to rewrite them. But how often does that actually happen? Unfortunately, not often enough. Feel free to add the following snippets to your tool belt.

    /// <summary>
    /// Checks if a database exists
    /// </summary>
    /// <param name="Database">Name of the database</param>
    /// <param name="ConnectionString">Connection string</param>
    /// <returns>True if it exists, false otherwise</returns>
    public static bool DoesDatabaseExist(string Database, string ConnectionString)
    {
        return CheckExists("SELECT * FROM Master.sys.Databases WHERE name=@Name", Database, ConnectionString);
    }
    /// …

Product Review: Devart dbForge Schema Compare

Database change management provides a set of tools which make the process of propagating database schema and data changes to multiple environments effortless. The problem that Database Change Management is attempting to solve:

- Most significant business applications rely on at least one relational database for persisting data
- As new features are developed, database schema changes are often necessary – i.e. new tables, columns, views, and stored procedures
- Database schema changes and corresponding code changes must always be deployed together

Successful database change management requires that a consistent process be applied by all team members. Without a consistent process, the tools provided in this solution will not provide their full value. The proposed/ideal process that uses database change management tools would consist of:

- Each developer using their own local database to do their development work
- Each environment using its own database, i.e. Development, Testing, Staging, and Production
- Each developer maintains his changes locally
- When the database changes are ready to commit alongside the application source code, the developer creates a change script that wraps all of the database changes into a single transactional change script.

By now you’re probably asking yourself how in the world is it even possible to …

Database Security

Databases are the core targets for hackers and they can be a source of vengeance when it comes to disgruntled employees. In this case, the Human Resources (HR) group has requirements to house data that are used across the corporation from management to the level of employees, which requires numerous security considerations. Traditionally, access control has been performed at the application level within code; however, if a database accounts properly for access control, the value of this level of control begins to take shape. The workflow demonstrated in figure 1 provides the needed foundation to address interfaces, enforcement, and access tokens. While role-based authorization at the database is not a new idea, the concept of fine-grained control accounts for rule-based evaluations as well, and it is applied at the row level, which allows access to be controlled at the lowest level (Opyrchal, Cooper, Poyar, Lenahan, Zeinner, 2011). By adopting this level of security, data owners and database administrators are provided a valuable tool to ensure the proper people have the needed access and only during the times when access is required. Organizations must understand that data is both the most valuable asset and at the same time it …
