Application of Database Audit in code security check

Source: Internet
Author: User
Tags: mysql, injection

Problem

Code security is the root cause of many security issues. Insecure code is often exploited by attackers to steal user privacy or even trade secrets. As a result, more and more companies have introduced code security checks during product development. Common code security check methods include manual review and static tool scanning. Both have drawbacks, and in particular neither can avoid a common problem: for some vulnerabilities it is not possible to verify immediately whether the dangerous SQL command constructed at the front end was actually executed by the database.

Ideas

This document uses PHP + MySQL injection as an example to introduce the database audit function as a way to improve the efficiency of code security checks and vulnerability mining. In a typical web security architecture, the web front end interacts with a back-end database. Hidden issues that cannot be found during code audit are often reflected in the database audit logs.


Policy

Taking typical SQL injection as an example: when attackers reach a PHP injection point, they usually submit the injection by tampering with request parameters. If the script on the targeted page is indeed vulnerable, the illegal input is carried into the SQL statement that gets executed. Therefore, with the database audit function enabled, the database audit log can be used to determine whether a front-end SQL injection attempt succeeded.

Implementation

The example is a typical PHP + MySQL injection point. The front-end web page has an SQL injection vulnerability, so illegal form data submitted by the attacker is carried into the SQL command. (For ease of demonstration, the SQL statement is displayed on the page.)

To check with the database audit log whether the SQL command was actually executed, you must first configure the MySQL audit function. The method is as follows:

Edit the MySQL configuration file mysql.ini.

Set the log parameter to the path of the log file, for example log = "E:/mysql.log"


After the modification, save the configuration file and restart the MySQL service.


Access the URL again: http://127.0.0.1/sqlinject/SQL.php and submit the SQL injection command containing invalid parameters.

After several minutes (the database writes logs through a cache mechanism rather than immediately), open the file E:\mysql.log. You can see that the MySQL database did execute an SQL command with invalid parameters, which confirms that the SQL.php code has an SQL injection vulnerability.
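The log check in the last two steps can be automated. The following is an added example, not code from the original article: it parses the MySQL general query log and reports the queries in which a tester-chosen marker string reached the server outside a single-quoted literal, which is what an "SQL command with invalid parameters" looks like in the log. It assumes the MySQL 5.6+ log layout (written by general_log=1 / general_log_file, the current names for the log option used above), the constructed marker value AUDITMARK, and constructed sample log lines.

```python
import re

# Constructed sample in the MySQL 5.6+ general query log layout
# "<time>\t<id> <command>\t<argument>"; a multi-line statement continues
# on the following lines without that prefix.
SAMPLE_LOG = """\
Time                 Id Command    Argument
2019-03-01T10:00:00.000000Z\t    7 Connect\twebapp@localhost on sqlinject using TCP/IP
2019-03-01T10:00:01.000000Z\t    7 Query\tSELECT * FROM users WHERE id = '1\\' AUDITMARK'
2019-03-01T10:00:02.000000Z\t    7 Query\tSELECT * FROM users
\tWHERE id = '1' AUDITMARK'
2019-03-01T10:00:03.000000Z\t    7 Quit\t
"""
ENTRY_RE = re.compile(r"^(\S+)\s+(\d+) (\w+)\t(.*)$")

def parse_general_log(text):
    """Return (connection_id, command, argument) tuples from general log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append([int(m.group(2)), m.group(3), m.group(4)])
        elif entries and line.strip() and not line.startswith("Time "):
            entries[-1][2] += "\n" + line.strip()   # continuation of a statement
    return [tuple(e) for e in entries]

def marker_outside_literal(sql, marker):
    """True if the marker sits outside a single-quoted literal, i.e. the submitted
    value broke out of the quotes the PHP code wrapped it in. Backslash escapes
    and doubled quotes inside literals (MySQL defaults) are honoured."""
    in_literal, i = False, 0
    while i < len(sql):
        c = sql[i]
        if in_literal and (c == "\\" or sql.startswith("''", i)):
            i += 2                                  # escaped char or '' stays inside
            continue
        if c == "'":
            in_literal = not in_literal
        elif not in_literal and sql.startswith(marker, i):
            return True
        i += 1
    return False

def confirmed_injections(log_text, marker):
    """Queries in which the tester's marker reached MySQL outside a literal."""
    return [e for e in parse_general_log(log_text)
            if e[1] == "Query" and marker_outside_literal(e[2], marker)]
```

The first logged query shows a correctly escaped value (the marker stays inside the literal), the second shows the vulnerable page; only the second is reported.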

This is the process of the security code check. The method is also suitable for other types of web code security checks, such as ASP and JSP.

Summary

This document provides a useful reference for code auditing and vulnerability mining. The idea can improve the efficiency and accuracy of code audit to a certain extent, but it also has drawbacks. For example, production systems generally do not enable the audit function lightly, so this solution cannot be applied to the production environment. In addition, if there are many web applications and a large volume of database logs is generated during testing, detecting and comparing the logs can take a certain amount of work. However, this method is still an effective security verification method: finding malicious database commands in the SQL log is sufficient to show that the front-end code is insecure.
