SQL Injection & Soul Injection attacks
Mano ‘dash4rk’ Paul, CISSP, CSSLP, AMBCI, MCAD, MCSD, CompTIA Network+, ECSA
ABC’s about me:
Author: The 7 Qualities of Highly Secure Software; The Official (ISC)2 Guide to the CSSLP
Advisor: Software Assurance
Biologist
Teach Security (SQL Injection)
Teach Christ (Soul Injection)
Teach Security In Christ (Discussion)
An attack where the attacker supplies input that is concatenated with internal SQL commands and executed.
The attacker attempts to exploit vulnerabilities and execute their own commands within your application
Seeks control upon compromise
Show me, and I may remember
Involve me, and I’ll understand
External: Input not handled properly
Internal: Dynamic Query Construction
string _sQry = "SELECT * FROM USERS WHERE uname = '" + txtUserName.Text + "' AND pwd = '" + txtPassword.Text + "'";
Attacker supplies ' OR 1=1 --
string _sQry = "SELECT * FROM USERS WHERE uname = '' OR 1=1 -- ' AND pwd = '" + txtPassword.Text + "'";
(everything after -- is treated as an SQL comment, so the password check is never evaluated)
This is the BEST defense against SQL Injection
Disallow dynamic query construction
Use parameterized procedures/statements
Use Language Integrated Query (LINQ) (if supported)
Parameterization renders ineffective all input data that would otherwise be concatenated with SQL commands: the input is sent to the database as a value, never as part of the command text
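Added example, not from the original slides: the slide's dynamic-query login next to its parameterized replacement, written in Python with the standard sqlite3 module on a constructed in-memory USERS table (the slides use C#/ADO.NET, where the equivalent is SqlCommand.Parameters; the rule is the same).

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the slides): one in-memory USERS table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (uname TEXT, pwd TEXT)")
    conn.execute("INSERT INTO USERS VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_concatenated(conn, uname, pwd):
    """Deliberately vulnerable: mirrors the slide's dynamic query construction.
    User input becomes part of the SQL text, so a quote in the input changes the query."""
    qry = "SELECT * FROM USERS WHERE uname = '" + uname + "' AND pwd = '" + pwd + "'"
    return conn.execute(qry).fetchall()


def login_parameterized(conn, uname, pwd):
    """Hardened: placeholders keep the SQL text fixed; the driver passes the input
    as bound data, so it can never be interpreted as SQL syntax or a comment."""
    qry = "SELECT * FROM USERS WHERE uname = ? AND pwd = ?"
    return conn.execute(qry, (uname, pwd)).fetchall()


def compare(uname, pwd):
    """Return (rows from vulnerable login, rows from parameterized login) for one input."""
    conn = make_db()
    return login_concatenated(conn, uname, pwd), login_parameterized(conn, uname, pwd)


if __name__ == "__main__":
    # Legitimate credentials succeed either way.
    print(compare("alice", "s3cret"))
    # The slide's input: the concatenated query returns every row without a valid
    # password, the parameterized query matches nothing.
    print(compare("' OR 1=1 --", "wrong"))
```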
An attack where the devil supplies temptations that get concatenated with our internal commands and get executed.
Satan, the attacker, is like a roaring lion,
seeking whom he may devour (1 Peter 5:8)
In the Garden of Eden
through time till
and still rising …
Satan, the attacker has blinded the minds of many, lest they see the glorious light of the Gospel in Jesus Christ (2 Corinthians 4:4)
Irrespective of race, color, sex, age, nationality, or even religion.
All have sinned and have fallen short of the glory of God (Romans 3:23)
The wages of sin is death (Romans 6:23)
The Holy Spirit will help you render ineffective all temptations and he will help you handle them.
THE BEST (and only) DEFENSE against SOUL INJECTION is JESUS CHRIST
Points to Ponder
How are you defending your soul against injection attacks by Satan (the attacker)?
All who call on the
name of the Lord Jesus Christ
shall be saved