CYBER CRIME AN EYE OPENER – SQL INJECTION (SQLIA'S)

Seminar Guide: Prof. S A Shinde

Gargee S Hiray
TE 2, Roll no: 144
SOME QUESTIONS?
 What are we so concerned about?
 What are we trying to protect?
 What an Ethical Hacker is and does?
WHAT ARE WE SO CONCERNED ABOUT?
WHAT ARE WE TRYING TO PROTECT?
WHAT A HACKER IS AND DOES?
 Someone who seeks and exploits weaknesses in a computer system or computer network
 Who makes innovative customizations of computer equipment
 Who combines excellence, playfulness and cleverness in performed activities
TYPES OF HACKERS

OVERVIEW
 What is SQL Injection?
 How common is it?
 Can we hack a website easily?
 How does it work?
 Finding SQL Injection
 Protecting against SQL Injection
 Impact of SQL Injection
 SQL Injection Conclusion
WHAT IS SQL INJECTION?
 SQL Injections are attacks by which an attacker alters the structure of the original SQL query by injecting SQL code in the input fields of the web form in order to gain unauthorized access to the database.
HOW COMMON IS IT?
 It is probably the most common website vulnerability today!
 It is a flaw in "web application" development; it is not a DB or web server problem.
 More than 60 % of the websites are hacked due to SQL Injection.

CAN WE HACK A WEBSITE EASILY?
HOW DOES IT WORK?
FINDING SQL INJECTION
1. Submit a single quote as input: '
   If an error results, the app is vulnerable.
   If no error, check for any output changes.
2. Submit two single quotes: ''
   Databases use '' to represent a literal '.
   If the error disappears, the app is vulnerable.
3. Try string or numeric operators.
EXAMPLES
 ' or '1'='1' -- '
 ' or '1'='1' ({ '
 ' or '1'='1' /* '
 ' or '1'='1
PROTECTING AGAINST SQL INJECTION
 Strong design
 Correct input validation
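The three-step probe from the Finding SQL Injection slide, the slide's `' or '1'='1'` example and the parameterized fix, as an added Python example that is not part of the original deck; it assumes an in-memory SQLite table with one constructed user row and shows why the single quote errors, the doubled quote clears the error and the tautology logs in against concatenated SQL but not against a bound query.

```python
import sqlite3

# Constructed sample schema and row (not from the slides); plaintext password
# kept only to keep the demo short.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so user input can change
    the query's structure. Returns True/False for a match, or "error"
    when the database rejects the injected syntax (the single-quote test)."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    try:
        return conn.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        return "error"

def login_safe(conn, username, password):
    """Parameterized query: values are bound by the driver and can never
    become SQL keywords or quotes, whatever the input contains."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def probe(login, conn):
    """Runs the slides' probes plus two normal logins against a login
    function and returns the outcome of each, keyed by probe name."""
    return {
        "single_quote": login(conn, "'", "x"),                 # step 1
        "two_quotes":   login(conn, "''", "x"),                # step 2
        "tautology":    login(conn, "' or '1'='1' -- ", "x"),  # slide example
        "legit":        login(conn, "alice", "s3cret"),
        "wrong":        login(conn, "alice", "wrong"),
    }

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        print(name, probe(fn, db))
```

Against the concatenated query the probes return "error", False and True in turn, which is exactly the slide's vulnerable signature; the bound query returns False for all three and only the real credentials log in.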

IMPACT OF SQL INJECTION
1. Leakage of sensitive information.
2. Reputation decline.
3. Modification of sensitive information.
4. Loss of control of the DB server.
5. Data loss.
SQL INJECTION CONCLUSION
 SQL injection is a technique for exploiting applications that use relational databases as their back end.
 It transforms innocent SQL calls into malicious calls.
 It causes unauthorized access, deletion of data, or theft of information.

THANK YOU
Any Query?
