Lesson 7 A Flashcards
Structured Query Language (SQL)
A web application is likely to use Structured Query Language (SQL) to read and write information from a database. SQL statements perform operations such as selecting data (SELECT), inserting data (INSERT), deleting data (DELETE), and updating data (UPDATE). In a SQL injection attack, the threat actor modifies one or more of these four basic functions by adding code to some input accepted by the app, causing it to execute the attacker’s own set of SQL queries or parameters. If successful, this could allow the attacker to extract or insert information into the database or execute arbitrary code on the remote system using the same privileges as the database application.
For example, consider a web form that is supposed to take a name as input. If the user enters “Bob”, the application runs the following query:
SELECT * FROM tbl_user WHERE username = 'Bob'
If a threat actor enters the string ' or 1=1-- and this input is not sanitized, the following malicious query will be executed:
SELECT * FROM tbl_user WHERE username = '' or 1=1--#
The logical statement 1=1 is always true, and the --# string turns the rest of the statement into a comment, making it more likely that the web application will parse this modified version and dump a list of all users.
There are three principal types of cryptographic technology: symmetric encryption, asymmetric encryption, and cryptographic hashing.
Cryptographic Hashes
A hash is a short representation of data. A hash function takes any amount of data as input and produces a fixed-length value as output. A cryptographic hash performs this process as a one-way function that makes it impossible to recover the original value from the hash. Cryptographic hashes are used for secure storage of data where the original meaning does not have to be recovered (passwords, for instance).
Two of the most commonly used cryptographic hash algorithms are Secure Hash Algorithm (SHA) and Message Digest 5 (MD5). MD5 is the older algorithm and is gradually being phased out of use.
Symmetric Encryption
A symmetric encryption cipher uses a single secret key to both encrypt and decrypt data. The secret key is so-called because it must be kept secret. If the key is lost or stolen, the security is breached. Consequently, the main problem with symmetric encryption is secure distribution and storage of the key. This problem becomes exponentially greater the more widespread the key’s distribution needs to be. The main advantage is speed. A symmetric cipher, such as the Advanced Encryption Standard (AES), can perform bulk encryption and decryption of multiple streams of data efficiently.
Asymmetric Encryption
An asymmetric encryption cipher uses a key pair. A key pair is a private key and a public key that are mathematically linked. For any given message, either key can perform either the encrypt or decrypt operation but not both. Only the paired key can reverse the operation. For example, if the public key part is used to encrypt a message, only the linked private key can be used to decrypt it. The public key cannot decrypt what it has just encrypted.
The private key must be kept a secret known only to a single subject (user or computer). The public key can be widely and safely distributed to anyone with whom the subject wants to communicate. The private key cannot be derived from the public key.
Digital Signatures
A digital signature proves that a message or digital certificate has not been altered or spoofed. The sender computes a cryptographic hash of a message, encrypts the hash with his or her private key, and attaches the output to the message as a digital signature. When the recipient receives the message, she or he can decrypt the signature using the public key to obtain the sender’s hash. The recipient then computes her or his own hash of the message and compares the two values to confirm they match.
Key Exchange
Key exchange allows two hosts to know the same symmetric encryption key without any other host finding out what it is. A symmetric cipher is much faster than an asymmetric one, so it is often used to protect the actual data exchange in a session. Asymmetric encryption only operates efficiently on data that is smaller than the key size. This makes it well-suited to encrypt and exchange symmetric cipher keys.
The sender uses the recipient’s public key to encrypt a secret key. The recipient uses the private key to retrieve the secret key and then uses the secret key to decrypt whatever data message was transmitted by the sender. In this context, the symmetric cipher secret key is also referred to as a session key. If it is changed often, it is also referred to as an ephemeral key.