Database Threats
Information System Security
Presented by:
Abdul Majeed Al-Kattan
Rabee Al-Rass
Rahaf Aamer
Rimon Koroni
Sandra Sukarieh
The Content
• Sensitive Data Exposure
• Security Misconfiguration
• SQL Injection (Blind)
• Insecure Direct Object Reference
• Cross Site Scripting
• Denial of Service
Information System Security 2
Sensitive Data Exposure
Security Misconfiguration
SQL Injection
• Occurs when untrusted data is sent to an interpreter as part of a
command or query.
• The attacker's malicious data can trick the interpreter into:
1. Executing unauthorized commands.
2. Accessing data without authorization.
3. Corrupting the contents of the database.
SQL Injection Prevention
• Escape strings:
1. mysqli_real_escape_string()
2. addslashes()
• Example:
x' or 'x'='x' --
When mysqli_real_escape_string() is applied:
x\' or \'x\'=\'x\' --
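The slide's payload worked through in code, as an added example that is not part of the original deck: a query built by string concatenation, the MySQL-style escaping that mysqli_real_escape_string() applies (re-implemented here in Python, an assumption for illustration), and a parameterized query, which keeps the value out of the SQL text altogether. The table and rows are constructed sample data.

```python
import sqlite3

# Constructed sample table; not from the original slides.
ROWS = [("alice", "secret1"), ("bob", "secret2")]
PAYLOAD = "x' or 'x'='x' --"   # the slide's example input


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def mysql_escape(s: str) -> str:
    """Re-implements the character escaping mysqli_real_escape_string()
    performs: NUL, newline, carriage return, backslash, both quote
    characters and Ctrl-Z are prefixed with a backslash."""
    table = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
             "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
    return "".join(table.get(ch, ch) for ch in s)


def lookup_vulnerable(conn, name):
    # Untrusted input concatenated straight into the query text: the
    # quote in PAYLOAD closes the literal, "or 'x'='x'" is always true
    # and "--" comments out the rest of the statement.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [r[0] for r in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # The driver sends the value separately from the SQL text, so it
    # can never be parsed as SQL syntax, whatever characters it holds.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [r[0] for r in rows]
```

Of the two PHP functions on the slide, only mysqli_real_escape_string() takes the connection's character set into account; addslashes() does not, and neither is needed once queries are parameterized.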
Insecure Direct Object Reference
• An insecure direct object reference arises when the programmer
exposes references to internal objects such as files, directories,
or database keys.
• Without access control checks or other protections, an attacker can
manipulate these references to reach data without proper
authorization.
Insecure Direct Object Reference Prevention
• Never expose application or database internals to the public.
• Hide system objects behind non-descriptive names and encrypt the
reference values.
• Use sessions instead of cookies alone.
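An added example, not code from the original deck, contrasting a lookup that trusts a client-supplied database key with one that hands out per-session random tokens (an indirect reference map, used here in place of the encrypted values the slide mentions) and checks ownership before returning the record. Records, owners and the Session class are assumptions for illustration.

```python
import secrets

# Constructed sample records; "owner" is the account allowed to read each.
RECORDS = {
    101: {"owner": "alice", "body": "alice's invoice"},
    102: {"owner": "bob", "body": "bob's invoice"},
}


class Session:
    """Server-side session: the map from opaque token to internal key
    lives here, so the client never sees or chooses a database key."""

    def __init__(self, user):
        self.user = user
        self._refs = {}

    def reference_for(self, key):
        token = secrets.token_urlsafe(16)   # unguessable, per session
        self._refs[token] = key
        return token

    def resolve(self, token):
        return self._refs.get(token)


def fetch_direct(session, key):
    """Vulnerable: uses the client-supplied key and never checks ownership,
    so changing 101 to 102 in the request reads another user's record."""
    return RECORDS[key]["body"]


def fetch_indirect(session, token):
    """Hardened: the token only resolves inside the session that issued it,
    and the owner is checked even then (defence in depth)."""
    key = session.resolve(token)
    if key is None:
        raise PermissionError("unknown reference")
    rec = RECORDS[key]
    if rec["owner"] != session.user:
        raise PermissionError("not the owner")
    return rec["body"]


def is_denied(session, token) -> bool:
    try:
        fetch_indirect(session, token)
        return False
    except PermissionError:
        return True
```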
Cross Site Scripting
• Cross-site scripting flaws occur when the application receives
untrusted data and sends it to the browser without validating or
escaping it.
• These flaws let the attacker run scripts in the victim's browser,
which may lead to:
1. Hijacking of the user's session.
2. Defacement of the website.
3. Redirection of the user to malicious sites.
Cross Site Scripting Prevention
• Contextual Encoding:
1. HTML Encoding.
2. JavaScript Encoding.
3. CSS Encoding.
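The three encoders the slide lists, as an added example that is not part of the original deck: one untrusted value placed into HTML body, JavaScript string and CSS string contexts, each with the encoding that context needs. The encoder rules and the render() template are assumptions for illustration.

```python
import html


def html_encode(s: str) -> str:
    # Entity-encode the HTML-significant characters, quotes included, so
    # the value is inert in element content and in quoted attributes.
    return html.escape(s, quote=True)


def js_encode(s: str) -> str:
    # For a quoted JavaScript string literal: \xHH for every ASCII
    # non-alphanumeric, \uHHHH above Latin-1, so no character can close
    # the string or the enclosing <script> element.
    out = []
    for ch in s:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append(f"\\x{ord(ch):02X}")
        else:
            out.append(f"\\u{ord(ch):04X}")
    return "".join(out)


def css_encode(s: str) -> str:
    # For a CSS string: \H...H followed by a space; the space terminates
    # the escape so the following character cannot be absorbed into it.
    return "".join(ch if ch.isascii() and ch.isalnum() else f"\\{ord(ch):X} "
                   for ch in s)


def render(user_value: str) -> str:
    """Places one untrusted value into three contexts, each with the
    encoder that matches that context (HTML encoding alone would not
    protect the script or style contexts)."""
    return (
        f"<div>{html_encode(user_value)}</div>\n"
        f"<script>var v = '{js_encode(user_value)}';</script>\n"
        f"<style>.x {{ content: '{css_encode(user_value)}'; }}</style>"
    )
```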
Denial Of Service
• An attack that floods a database or application service with a
stream of requests, depriving legitimate users of the service.
• This attack can be carried out with the tool slowhttptest.
Denial of Service Prevention
• Firewall.
• Cloud mitigation provider: DDoS attack detection and monitoring.
• Flow-based monitoring (PLXfbm).
• A service that monitors NetFlow on your router.
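An added example, not part of the original deck, of what the slide's flow-based monitoring looks for: the slow-connection attack named on the previous slide leaves many long-lived, nearly idle flows from one source to one port, which a pass over flow records can flag. The Flow record shape, thresholds and all flow data are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str          # source address
    dst_port: int     # destination port on the monitored server
    duration_s: float # how long the flow has been open
    bytes_in: int     # bytes received from the source
    packets: int


# Constructed NetFlow-style records, not real traffic: one source holding
# 40 connections open for minutes while sending almost nothing, next to
# ordinary short requests from other clients.
FLOWS = [Flow("203.0.113.7", 80, 290.0, 600, 12) for _ in range(40)] + [
    Flow("198.51.100.20", 80, 0.8, 5400, 9),
    Flow("198.51.100.21", 80, 1.1, 7200, 11),
    Flow("198.51.100.22", 443, 2.0, 15000, 20),
]


def slow_connection_sources(flows, min_duration_s=60.0,
                            max_bytes_per_s=10.0, min_flows=20):
    """Returns {(src, port): count} for sources with many long-lived,
    near-idle flows to one port. A legitimate client rarely keeps dozens
    of connections open for a minute while sending a few bytes each."""
    counts = defaultdict(int)
    for f in flows:
        rate = f.bytes_in / f.duration_s if f.duration_s else float("inf")
        if f.duration_s >= min_duration_s and rate <= max_bytes_per_s:
            counts[(f.src, f.dst_port)] += 1
    return {k: n for k, n in counts.items() if n >= min_flows}
```

A hit from this check is what a firewall rule or a cloud mitigation provider would act on; the server side can also cap how long a request header may take to arrive (Apache's mod_reqtimeout, for example), which starves this attack at its source.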
Thank You.
