© PortSwigger

Last week we talked about preventing cross-site scripting (XSS): a vulnerability that stems from an attacker’s ability to inject malicious code into the client side of an application.

This week we’re going to talk about SQL injection attacks: whilst XSS affects the client side of an application, SQLi affects its backend.

At the core, a SQL injection vulnerability is present whenever an application inserts untrusted input (anything the application receives from the outside, usually user-supplied data) into a SQL query in such a way that the data is interpreted as part of the query logic.

What can an attacker do?

Applications are just a wrapper around some data: the truth is in the data, and access to it, interpretation of it and control over it live in the application. …


© PortSwigger

Cross-site scripting is one of the most common and popular web attacks.

It allows an attacker to inject client-side code into web application pages that are then viewed by the victims.

Consequences and impact vary depending on the type of attack and the context in which the attack is launched.

XSS can be classified as:

  • Self-XSS / Reflected XSS / Non-persistent XSS / Type-II XSS
  • Persistent XSS / Stored XSS / Type-I XSS
  • DOM-based XSS

Self-XSS

Let’s suppose we have the following PHP code (PHP chosen simply as a legible example):

Self-XSS Example

Textbook XSS: The victim opens a link that looks…


There’s always a lot of debate with regard to how to safely store passwords and which algorithm to use: MD5, SHA1, SHA256, PBKDF2, Bcrypt, Scrypt, Argon2, plaintext??

So I tried to analyse and summarise the most recent and reasonable choices: Scrypt, Bcrypt and Argon2. …and yes, MD5, SHA1, SHA256 are not suitable for storing passwords! 😉


A summary

In 2015, I published ‘Password Hashing: PBKDF2, Scrypt, Bcrypt’, intended as an extended reply to a friend’s question.

To summarise:

Attackers usually have different and more specialised (more powerful) hardware than we do;

Attackers use specialised hardware because it can be tailored to the algorithm: a different hardware architecture allows certain algorithms to run faster than on non-specialised hardware (a CPU) and, overall, certain algorithms can be…

About

Michele Preziuso

CEO @KaosDynamics. AWS Certified DevOps Engineer, Solutions Architect @Peach_video. Security fanatic. I build things, I break things. Also a human …sometimes.
