Module 4: Deep Dive – Injection Vulnerability


INTRODUCTION – DEEP DIVE – INJECTION VULNERABILITY

In this module, you will hear an IBM Subject Matter Expert's perspective on the most prevalent Injection vulnerabilities. You will also learn the basic concepts of OS Command Injection and SQL Injection.

Learning Objectives:

  • Detect and analyze code vulnerabilities using Snyk
  • Create and modify repositories on GitHub
  • Assess the security weaknesses in web applications using OWASP ZAP
  • Describe common vulnerabilities, attacks, and defenses
  • Describe non-SQL injection attacks, including NoSQL, XPath, and LDAP
  • Prevent SQL injection
  • Identify the common types of SQL injection
  • Explain how SQL injection works
  • Identify ways to prevent OS command injection
  • Describe OS command injection and the operating system weaknesses that allow it
  • Discuss the characteristics of different injection attacks and their distribution within the threat landscape

INJECTION VULNERABILITY

1. Which operating system is susceptible to OS Command Injection attacks?

  • Linux
  • Windows
  • MacOS
  • All operating systems are susceptible. (CORRECT)

Correct. There are vulnerabilities inherent to all operating systems.

2. What is a possible impact of running commands through OS shell interpreters such as sh, bash, cmd.exe and powershell.exe?

  • It makes it more difficult for a hacker to inject additional commands or arguments.
  • Powershell.exe is resistant to OS Injection attacks but sh, bash and cmd.exe have no built-in security.
  • It makes it easier for a hacker to inject additional commands or arguments. (CORRECT)

3. True or False: Safe coding practice avoids using OS commands when it can be avoided.

  • True (CORRECT)
  • False

Correct. Safe coding practice is to avoid using OS commands unless they are necessary.

4. True or False: Safe coding practice always runs commands through a shell interpreter.

  • True
  • False (CORRECT)

Correct! Safe coding practice does not always run commands through a shell interpreter.

5. True or False: Safe coding practice uses library functions when running OS commands.

  • True (CORRECT)
  • False

Correct. This is known as running OS commands via library functions.

6. True or False: Safe coding practice uses blacklists and avoids the use of whitelists.

  • True
  • False (CORRECT)

Correct! Safe coding practice is to use whitelists instead of blacklists.

SQL INJECTION

1. A hacker tailoring their actions based on the database errors the application displays is an example of which type of SQL Injection attack?

  • Blind injection
  • Error-based (CORRECT)
  • UNION-based
  • Out of Band

Correct. This is an error-based SQL Injection attack.

2. True or False: Use of prepared statements is an effective mitigation against SQL Injection attacks because it separates the query structure from the query parameters.

  • True (CORRECT)
  • False

Correct. Always keep database errors hidden from users so that no internal part of the application is exposed to potential attackers.

3. True or False: Native database errors should be hidden from the user to prevent hackers from gaining insight into the internal structure of your application.

  • True (CORRECT)
  • False

Correct. Native database errors should be hidden from the user to prevent hackers from gaining insight into the internal structure of your application.

4. True or False: The use of object-relational mapping (ORM) libraries is a dangerous practice that can help hackers conduct successful SQL Injection attacks.

  • True
  • False (CORRECT)

Correct. Object-relational mapping (ORM) libraries are not dangerous in themselves, but if used improperly they can still lead to SQL Injection vulnerabilities.

SOFTWARE VULNERABILITIES

1. What happens in a file inclusion attack?

  • An attacker uses a web application to send a browser-side script to another user.
  • An attacker sends more data to a web application than the memory buffer can handle.
  • An attacker uploads a file to a web application without proper validation. (CORRECT)
  • An attacker places malicious code into an SQL statement through a web page.

Correct. A file inclusion attack takes place when an attacker can upload a file through a web application without the file being validated, which can lead to the system displaying or executing files that should not be viewed or used by the public.

2. How can you view a complete list of an application’s pages and subpages that OWASP ZAP indexed during a scan?

  • Click the History tab in the Information window.
  • Click the Quick Start tab in the Workspace window.
  • Expand Sites in the Tree window. (CORRECT)
  • Select ATTACK Mode from the list of modes.

Correct. Expand the “Sites” section in the Tree window to see the URLs scanned by ZAP, and expand the other sites to see the additional URLs identified and examined.

3. You and a team of developers are creating an application and collaborating on the project using a GitHub repository. You edited the code for one of the project’s files and committed your change. What should you do next?

  • Clone the project.
  • Fork the repository.
  • Issue a pull request. (CORRECT)
  • Merge your code with the repository.

Correct. After committing your change, submit a pull request to let your teammates know that the changes are ready to be reviewed.

4. You just used Snyk to scan several GitHub repositories. One of the repositories is named itsarepo, and you’re especially interested in the results from scanning a file in that repository named buggycode.py. Where in Snyk could you find a detailed breakdown of this file’s vulnerabilities such as “Container is running without privilege escalation control”?

  • Integrations > Vulnerability management > Vulcan
  • Projects > itsarepo > buggycode.yaml > Settings icon > GitHub integration
  • Projects > itsarepo > buggycode.yaml > Issues (CORRECT)
  • Integrations > GitHub > itsarepo > buggycode.py

Correct. Import and scan your repositories from the Projects page in Snyk. The project security report will be shown after the scan. Expand the repository and click on buggycode.py to view the Overview page of the file. Scroll down to the Issues tab for a detailed list of vulnerabilities detected.

DEEP DIVE – INJECTION VULNERABILITY

1. Which vulnerability is being exploited in an OS Command Injection attack?

  • Improperly configured security settings in the MySQL database.
  • Poor user input sanitation and unsafe execution of OS commands. (CORRECT)
  • Vulnerabilities in the operating system shell interpreter.
  • Vulnerabilities in the operating system kernel.

2. What is a simple but effective way to protect against DLL hijacking?

  • Avoid using DLL libraries in commercial applications where security is a concern.
  • Write-protect the folders that contain your libraries.
  • Always use explicit paths to the commands or library applications. (CORRECT)
  • Use only hijack resistant open-source libraries whenever possible.

3. True or False: Safe coding practice runs code with the least possible privilege.

  • True (CORRECT)
  • False

4. True or False: Safe coding practice always specifies relative paths when running applications or using shared libraries.

  • True
  • False (CORRECT)

5. True or False: Safe coding practice does not let user input reach an OS command unchanged.

  • True (CORRECT)
  • False

6. A hacker exfiltrating data by injecting an HTTP request command is an example of which type of SQL Injection attack?

  • UNION-based
  • Blind injection
  • Error-based
  • Out of Band (CORRECT)

7. True or False: Limiting database user permissions is an ineffective strategy in preventing SQL Injection attacks since the injected code will run directly against the database regardless of the permission levels that have been set.

  • True
  • False (CORRECT)

8. Which of the following will help reduce the SQL Injection attack surface?

  • Direct use of native operating system commands.
  • Showing users the exact nature of database input errors.
  • Direct SQL execution from user input values.
  • Use of stored procedures. (CORRECT)

9. When developing an application, using NoSQL instead of MySQL will have what effect on the application's susceptibility to SQL Injection attacks?

  • It will have no impact on the risk of an injection attack.
  • It will eliminate the injection attack surface.
  • It will increase the risk of an injection attack.
  • It will reduce, but not eliminate, the injection attack surface. (CORRECT)

10. You work at a software development company. The development team incorporates security checks throughout software development, and all their code passes them. But you want extra assurance that the applications that they develop can withstand real-world cyberattacks. You want to simulate real hacking techniques to identify any remaining vulnerabilities. What cyberdefense method should you use?

  • Security monitoring
  • System information event management
  • Dynamic application security testing
  • Penetration testing (CORRECT)

11. How can you view a complete list of all vulnerabilities that OWASP ZAP detected while scanning an application?

  • Click the Request tab in the Workspace window.
  • Expand Sites in the Tree window.
  • Select Protected Mode from the list of modes.
  • Click the Alerts tab in the Information window. (CORRECT)

12. You find a public GitHub repository for an application and would like to use and modify the application’s code for your own project. However, you need to do so without impacting the current repository. What should you do?

  • Access your list of GitHub repositories, and then click Projects.
  • Access the repository’s web page, and then click Pull requests.
  • Access the repository’s web page, and then click Fork. (CORRECT)
  • Access your list of GitHub repositories, and then click Sort.

13. You’re the project manager for a development team working on code in a GitHub repository. You use Snyk to scan the repository for vulnerabilities. Snyk identifies only one vulnerability, “Container has no CPU limit”, and marks the vulnerability as low severity. The fix for this issue is currently in development, but you don’t know when it will be ready. What should you do next on the file’s Overview page?

  • Click Ignore, click Not vulnerable, type a comment in the comment field, and then click Save.
  • Click Ignore, click Ignore permanently, and then click Save.
  • Click Ignore, click Ignore temporarily, select the Until fix is available checkbox, and then click Save. (CORRECT)
  • Click Ignore, click Not vulnerable, and then click Save.

CONCLUSION – Deep Dive – Injection Vulnerability

This module provides in-depth insight into Injection, one of the most common classes of vulnerability, drawing on the expertise of an IBM Subject Matter Expert.

The module has given you the foundation to better understand and mitigate two major security threats: OS Command Injection and SQL Injection.
