300 word summary: What is the paper about? Defending Against Injection Attacks Through Context-Sensitive String Evaluation introduces CSSE – Context-Sensitive String Evaluation – a way to detect sqlI in php at runtime – essentially an intrusion detection platform for php apps (though it required modifications to source-code) and its implementation. The Read more…
300 word summary: AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. Provides a valuable background section on the countermeasures for SQL injection attacks: Defensive Programming General Techniques against SQLi Static Analysis techniques Provides examples of SQL injection attacks, with sql code. Provides a definition of an sql injection attack: “An Read more…
My MSc Thesis in 2016 was titled Evaluation of SQL injection testing tools and techniques. I had a quick look through all my old uni work looking for content to put on my blog, and decided to see if I could find my thesis online. I found it available as Read more…
My research notes about the different types of sqli – sql injection attack types; inband (eg reading errors from the screen) out-of-band (getting information from a different channel eg from an email after the attack) inferrential (or blind) – getting an error from a system that allows you to re-construct Read more…
It turns out that coding in php on android is possible (even if its not as good as on a mac, linux or even windows). In this blog post I’ll go into some editors, IDE’s and other options for editing php code (and running a development LAMP stack) on your Read more…
Installing mariadb 10.2 mysql 5.7 in centos If you use the following method to install the latest mariadb, updates will be installed with the regular yum update commands! The first part is to add the mariadb official repo to your system. 1) firstly, create an empty file at /etc/yum.repos.d/mariadb.repo sudo Read more…
Ive completed my MSc Thesis! I was awarded a grade A (81%) and an MSc with distinction :D The abstract from my thesis is below: SQL injection vulnerabilities remain one of the top ten most critical web-application security risks. SQL injection itself is a well understood subject. There are many Read more…
Installing mongodb on centos7: To install the mongodb server in centos7 first you have to add the mongodb repo: vim /etc/yum.repos.d/mongodb.repo Paste this into the file: [mongodb] name=MongoDB Repository baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ gpgcheck=0 enabled=1 Next, update your yum database and install the mongodb server yum update && yum install mongodb-org mongodb-org-server Your Read more…
What is an sql injection attack? All websites process data entered by users. An input-validation attack is when unexpected user input is processed by a web server or database and an error occurs. What is an sql injection attack? “An SQL Injection Attack (SQLIA) occurs when an attacker attempts to Read more…
Oracle process overview. There are 3 types of oracle processes: USER processes SERVER processes BACKGROUND processes User connected to a user application (eg sql*plus) controls the application associated with an oracle server process Server processes there are 2 types of oracle server process, depending on configuration Dedicated ( 1 server Read more…
Oracle forms overview. Oracle internet platform consists of 3 components: oracle application server (forms service + OC4J) oracle developer suite (forms developer + object navigator + form module) oracle database Oracle application server includes forms service – new generation of tools that allow devs to deploy new and existing forms Read more…
This is a basic oracle procedure with cursor: DECLARE CURSOR my_cursor IS SELECT * FROM table_a LEFT JOIN table_b ON a.x = b.x BEGIN FOR things IN my_cursor LOOP — do stuff END LOOP COMMIT;END;
Oracle instead of triggers, and why you need them: You cant update a view if it contains:group byorder byanalytical /aggregate functionssubqueriesjoins You then need an ‘instead of’ trigger CREATE TRIGGER my_trigger INSTEAD OF INSERT ON my_view FOR EACH ROW DECLARE — stuff BEGIN INSERT INTO table_a VALUES ( :NEW.col_a, :NEW.col_b); Read more…
Oracle logical structures Oracle logical structures can be summarised by the following: Schema. Tablespace. Datablock. Redo log. Schema collection of objects (table, view, etc) owned by db user name is the same as db user mixed up (user is often used interchangeably with schema) access – user has access to Read more…
Oracle control file: binary file start of instance, file is checked database has 1 control file each modifiable only by oracle editing prohibited, even by DBA Keeps track of: datafile names and locations redo log names and locations table-space information name of database time-stamp of database creation Usage: on start Read more…
To update to php 5.4 and mysql 5.5 in centos 6: 1) install the epel, remi and rpm-forge repos rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm 2) edit the /etc/yum.repos.d files to enable the repos vi /etc/yum.repos.d/epel.repo change the enabled=0 to enabled=1 vi /etc/yum.repos.d/remi.repo change the enabled=0 to Read more…
If you want to set a featured image on all wordpress posts that dont already have a featured image set, then this mysql query can help: # please note that this query will fail; you have to replace ‘id_of_image_from_upload_table’ with the id of the image you uploaded. To find that Read more…