COURSE 4 – NETWORK SECURITY & DATABASE VULNERABILITIES

Module 4: Deep Dive – Injection Vulnerability

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – Deep Dive – Injection Vulnerability

In this module, you’ll listen to an IBM Subject Matter expert as they delve into the prevalent vulnerability of Injection. You’ll gain fundamental knowledge about OS Command Injection and SQL Injection.

Learning Objectives

  • Detect and analyze code vulnerabilities using Snyk
  • Create and modify repositories on GitHub
  • Analyze a web application’s vulnerabilities using OWASP ZAP
  • Identify common vulnerability attacks and defense against them
  • Describe non-SQL injection attacks such as NoSQL, XPath, and LDAP
  • Identify preventive measures against SQL injection
  • Identify common types of SQL injection
  • Explain how SQL injection works
  • Identify preventative measures against OS command injection attacks
  • Describe OS command injection attacks and the operating system flaws that allow them to occur
  • Describe the nature of various injection attacks and their prevalence on the threat landscape

INJECTION VULNERABILITY

1. Which operating system is susceptible to OS Command Injection attacks?

  • Linux
  • Windows
  • MacOS
  • All operating systems are susceptible. (CORRECT)

Correct, all operating systems are susceptible.

2. What is a possible impact of running commands through OS shell interpreters such as sh, bash, cmd.exe and powershell.exe?

  • It makes it more difficult for a hacker to inject additional commands or arguments.
  • Powershell.exe is resistant to OS Injection attacks but sh, bash and cmd.exe have no built-in security.
  • It makes it easier for a hacker to inject additional commands or arguments. (CORRECT)

Correct! It makes it easier for a hacker to inject additional commands or arguments.

3. True or False: Safe coding practice avoids using OS commands when it can be avoided.

  • True (CORRECT)
  • False

Correct, safe coding practice avoids using OS commands when it can be avoided.

4. True or False: Safe coding practice always runs commands through a shell interpreter.

  • True
  • False (CORRECT)

Correct! Safe coding practice does not always run commands through a shell interpreter.

5. True or False: Safe coding practice uses library functions when running OS commands.

  • True (CORRECT)
  • False

Correct, safe coding practice uses library functions when running OS commands.

6. True or False: Safe coding practice uses blacklists and avoids the use of whitelists.

  • True
  • False (CORRECT)

Correct! Safe coding practice does not use blacklists but prefers the use of whitelists.
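
The practices behind questions 2 through 6 (avoid OS commands where a library call will do, never pass user input through a shell interpreter, validate against an allowlist rather than a blacklist), together with the explicit-path point from the Deep Dive questions later on this page, as an added Python example. This is not code from the course or from the original study guide; the base directory, the file name "report.txt" and the /usr/bin/wc path are assumptions made for the example.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Allowlist (not a blacklist): one leading letter/digit/underscore, then up
# to 63 characters from a fixed safe set. Shell metacharacters, spaces, "/"
# and leading dots never match, so traversal and command chaining are rejected.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

# Explicit path to the binary (an assumption for this example). A bare "wc"
# would be resolved through PATH, the same search-order weakness the
# DLL hijacking question points at.
WC = "/usr/bin/wc"


def is_name_allowed(name: str) -> bool:
    """True only if the whole string matches the allowlist pattern."""
    return ALLOWED_NAME.fullmatch(name) is not None


def resolve_in_base(base_dir: str, name: str) -> Path:
    """Validate a user-supplied file name and pin it inside base_dir."""
    if not is_name_allowed(name):
        raise ValueError("file name rejected by allowlist")
    base = Path(base_dir).resolve()
    target = (base / name).resolve()
    if target.parent != base:  # second check in case of symlinks
        raise ValueError("resolved path escapes base directory")
    return target


def file_size_via_library(base_dir: str, name: str) -> int:
    """Preferred form: no OS command at all, just a library call."""
    return resolve_in_base(base_dir, name).stat().st_size


def file_size_via_argv(base_dir: str, name: str) -> int:
    """If an external program is unavoidable: argv list, no shell, explicit path.

    The unsafe pattern this replaces is
        subprocess.run(f"wc -c {name}", shell=True)
    where user data reaches the shell interpreter unchanged.
    """
    target = resolve_in_base(base_dir, name)
    result = subprocess.run(
        [WC, "-c", str(target)],  # each argv element is passed as-is
        shell=False,
        capture_output=True,
        text=True,
        check=True,
    )
    return int(result.stdout.split()[0])


def wc_available() -> bool:
    """Lets the demo skip the argv variant on systems without /usr/bin/wc."""
    return Path(WC).is_file()


def make_sample_dir() -> str:
    """Constructed sample data: a temp directory holding an 11-byte file."""
    d = tempfile.mkdtemp()
    (Path(d) / "report.txt").write_text("hello world")
    return d


if __name__ == "__main__":
    d = make_sample_dir()
    print("library:", file_size_via_library(d, "report.txt"))
    if wc_available():
        print("argv   :", file_size_via_argv(d, "report.txt"))
    for candidate in ("report.txt", "report.txt; ls /", "../report.txt"):
        print(repr(candidate), "allowed?", is_name_allowed(candidate))
```

The library-call variant is the one to reach for first; the argv variant exists only for the case where an external program really is required, and even then the process should run under the least-privileged account that can do the job.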

SQL INJECTION

1. A hacker tailoring his actions based on the database errors the application displays is an example of which type of SQL Injection attack?

  • Blind injection
  • Error-based (CORRECT)
  • UNION-based
  • Out of Band

Correct, error-based.

2. True or False: Use of prepared statements is an effective mitigation against SQL Injection attacks because it separates the query structure from the query parameters.

  • True (CORRECT)
  • False

Correct, use of prepared statements is an effective mitigation against SQL Injection attacks because it separates the query structure from the query parameters.

3. True or False: Native database errors should be hidden from the user to prevent hackers from gaining insight into the internal structure of your application.

  • True (CORRECT)
  • False

Correct, native database errors should be hidden from the user to prevent hackers from gaining insight into the internal structure of your application.

4. True or False: The use of object-relational mapping (ORM) libraries is a dangerous practice that can help hackers conduct successful SQL Injection attacks.

  • True
  • False (CORRECT)

Correct, the use of object-relational mapping (ORM) libraries is not a dangerous practice and does not help hackers conduct successful SQL Injection attacks.
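
The prepared-statement and error-hiding points from questions 2 and 3 above, shown as an added Python example using the standard sqlite3 module. This is not code from the course or from the study guide; the users table, its two rows and the lookup functions are constructed for illustration, and the vulnerable function is kept only to show what the prepared statement fixes.

```python
import logging
import sqlite3

log = logging.getLogger("db")


def build_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: query structure and user data are spliced into one string."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Prepared statement: the structure is fixed, the value travels separately."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def run_query(conn: sqlite3.Connection, sql: str, params: tuple = ()) -> dict:
    """Execute a parameterised query and hide native errors from the caller."""
    try:
        return {"ok": True, "rows": conn.execute(sql, params).fetchall()}
    except sqlite3.Error as exc:
        log.error("database error: %s", exc)  # details stay in server-side logs
        return {"ok": False, "error": "request could not be processed"}


if __name__ == "__main__":
    conn = build_db()
    probe = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(conn, probe))  # returns every row
    print("safe  :", lookup_safe(conn, probe))    # returns nothing: no such user
    print("error :", run_query(conn, "SELECT username FROM missing_table"))
```

With the prepared statement the database receives the literal string as the comparison value, so the quoting in the input has no effect on the query structure; run_query shows the complementary rule from question 3, logging the native error internally while returning only a generic message to the user.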

SOFTWARE VULNERABILITIES

1. What happens in a file inclusion attack?

  • An attacker uses a web application to send a browser-side script to another user.
  • An attacker sends more data to a web application than the memory buffer can handle.
  • An attacker uploads a file to a web application without proper validation. (CORRECT)
  • An attacker places malicious code into an SQL statement through a web page.

Correct. A file inclusion attack is when an attacker uploads a file to a web application without proper validation. The attacker tricks the web application into showing or running files that should not be publicly visible or available.

2. How can you view a complete list of an application’s pages and subpages that OWASP ZAP indexed during a scan?

  • Click the History tab in the Information window.
  • Click the Quick Start tab in the Workspace window.
  • Expand Sites in the Tree window. (CORRECT)
  • Select ATTACK Mode from the list of modes.

Correct. To view the URLs that ZAP scanned, first, expand Sites in the Tree window. Next, expand other sites to view more URLs discovered and explored.

3. You and a team of developers are creating an application and collaborating on the project using a GitHub repository. You edited the code for one of the project’s files and committed your change. What should you do next?

  • Clone the project.
  • Fork the repository.
  • Issue a pull request. (CORRECT)
  • Merge your code with the repository.

Correct. After committing a change, you should issue a pull request. Doing so notifies your team members that your changes are ready for review.

4. You just used Snyk to scan several GitHub repositories. One of the repositories is named itsarepo, and you’re especially interested in the results from scanning a file in that repository named buggycode.py. Where in Snyk could you find a detailed breakdown of this file’s vulnerabilities such as “Container is running without privilege escalation control”?

  • Integrations > Vulnerability management > Vulcan
  • Projects > itsarepo > buggycode.yaml > Settings icon > GitHub integration
  • Projects > itsarepo > buggycode.yaml > Issues (CORRECT)
  • Integrations > GitHub > itsarepo > buggycode.py

Correct. You can import and scan your repositories from the Projects page in Snyk. Once that process is complete, the project security report is displayed. Expand itsarepo, and then click buggycode.py. The file’s Overview page opens. Finally, scroll down to the Issues tab for a detailed breakdown of the detected vulnerabilities.

DEEP DIVE – INJECTION VULNERABILITY

1. Which vulnerability is being exploited in an OS Command Injection attack?

  • Improperly configured security settings in the MySQL database.
  • Poor user input sanitation and unsafe execution of OS commands. (CORRECT)
  • Vulnerabilities in the operating system shell interpreter.
  • Vulnerabilities in the operating system kernel.

2. What is a simple but effective way to protect against DLL hijacking?

  • Avoid using DLL libraries in commercial applications where security is a concern.
  • Write-protect the folders that contain your libraries.
  • Always use explicit paths to the commands or library applications. (CORRECT)
  • Use only hijack resistant open-source libraries whenever possible.

3. True or False: Safe coding practice runs code with the least possible privilege.

  • True (CORRECT)
  • False

4. True or False: Safe coding practice always specifies relative paths when running applications or using shared libraries.

  • True
  • False (CORRECT)

5. True or False: Safe coding practice does not let user input reach an OS command unchanged.

  • True (CORRECT)
  • False

6. A hacker exfiltrating data by injecting an HTTP request command is an example of which type of SQL Injection attack?

  • UNION-based
  • Blind injection
  • Error-based
  • Out of Band (CORRECT)

7. True or False: Limiting database user permissions is an ineffective strategy in preventing SQL Injection attacks since the injected code will run directly against the database regardless of the permission levels that have been set.

  • True
  • False (CORRECT)

8. Which of the following will help reduce the SQL Injection attack surface?

  • Direct use of native operating system commands.
  • Showing users the exact nature of database input errors.
  • Direct SQL execution from user input values.
  • Use of stored procedures. (CORRECT)

9. When developing an application, using NoSQL instead of MySQL will have what effect on the application's susceptibility to SQL Injection attacks?

  • It will have no impact on the risk of an injection attack.
  • It will eliminate the injection attack surface.
  • It will increase the risk of an injection attack.
  • It will reduce, but not eliminate, the injection attack surface. (CORRECT)

10. You work at a software development company. The development team incorporates security checks throughout software development, and all their code passes them. But you want extra assurance that the applications that they develop can withstand real-world cyberattacks. You want to simulate real hacking techniques to identify any remaining vulnerabilities. What cyberdefense method should you use?

  • Security monitoring
  • System information event management
  • Dynamic application security testing
  • Penetration testing (CORRECT)

11. How can you view a complete list of all vulnerabilities that OWASP ZAP detected while scanning an application?

  • Click the Request tab in the Workspace window.
  • Expand Sites in the Tree window.
  • Select Protected Mode from the list of modes.
  • Click the Alerts tab in the Information window. (CORRECT)

12. You find a public GitHub repository for an application and would like to use and modify the application's code for your own project. However, you need to do so without impacting the current repository. What should you do?

  • Access your list of GitHub repositories, and then click Projects.
  • Access the repository’s web page, and then click Pull requests.
  • Access the repository’s web page, and then click Fork. (CORRECT)
  • Access your list of GitHub repositories, and then click Sort.

13. You’re the project manager for a development team working on code in a GitHub repository. You use Snyk to scan the repository for vulnerabilities. Snyk identifies only one vulnerability, “Container has no CPU limit”, and marks the vulnerability as low severity. The fix for this issue is currently in development, but you don’t know when it will be ready. What should you do next on the file’s Overview page?

  • Click Ignore, click Not vulnerable, type a comment in the comment field, and then click Save.
  • Click Ignore, click Ignore permanently, and then click Save.
  • Click Ignore, click Ignore temporarily, select the Until fix is available checkbox, and then click Save. (CORRECT)
  • Click Ignore, click Not vulnerable, and then click Save.

CONCLUSION – Deep Dive – Injection Vulnerability

In conclusion, this module provides valuable insights into the common vulnerability of Injection through the expertise of an IBM Subject Matter expert.

By exploring the basics of OS Command Injection and SQL Injection, you’ve gained essential knowledge to better understand and address these security threats.