SQL injection
  • Code-injection attacks: LDAP injection for LDAP directories, XPath injection for XML documents, and ASP, PHP and HTML injection.
  • Sources of injected input:
    - User input typically comes from form submissions that are sent to the Web application via HTTP GET or POST requests.
    - Cookies are stored on the client machine. If a Web application uses the cookie's contents to build SQL queries, an attacker could easily submit an attack by embedding it in the cookie.
    - Server variables are the collection of variables that contain HTTP and network headers and environment variables. Web applications use these server variables in a variety of ways, such as logging usage statistics and identifying browsing trends, so attackers can forge these values.
  • Alternate encodings:
    - They are used to avoid detection by defensive coding practices and by many automated prevention techniques.
    - Attackers have employed alternate methods of encoding their attack strings. Common scanning and detection techniques do not try to evaluate all specially encoded strings, which allows these attacks to go undetected.
    - Different layers in an application have different ways of handling alternate encodings.
    - An effective code-based defense against alternate encodings is difficult to implement in practice.
  • Prevention:
    - Defensive coding practices: the straightforward solution for eliminating these vulnerabilities.
    - Detection and prevention techniques: assist the developer and compensate for shortcomings in the application of defensive coding.

SQL injection: Presentation Transcript

  • AGENDAWhat is SQLWHAT is SQL injectionSQL Injection Attack TypesPrevention of SQL Injection Attack 2
  • WHAT IS SQL?SQL is a special-purpose programming language designed for managing data held in a relational database management systems (RDBMS).The scope of SQL includes data insert, query, update and delete, schema creation and modification, and data access control. 3
  • What is SQL injection?A class of code-injection attacks, in which data provided by the user is included in an SQL query in such a way that part of the user’s input is treated as SQL codeSQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements. Attackers trick the SQL engine into executing unintended commands by supplying specially crafted string input, thereby gaining unauthorized access to a database in order to view or manipulate restricted data. SQL injection techniques may differ, but they all exploit a single vulnerability in the application: Incorrectly validated or non validated string literals are concatenated into a dynamic SQL statement, and interpreted as code by the SQL engine. 4
  • Example of SQL injection 5
  • TYPES OF SQL ATTACKS1)First Order Attack:-The attacker can simply enter a malicious string and cause the modified code to be executed immediately.2)Second Order Attack:-The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity.3)Lateral Injection:-The attacker can manipulate the implicit functionTo_Char() by changing the values of the environment variables, NLS_Date_Format orNLS_Numeric_Characters. 6
  • Injection MechanismInjection through user input First-orderInjection through cookies injectionInjection through server variablesSecond-order injection 7
  • Injection MechanismFirst-order injection Second-order injection The application processes • The application stores that the input, causing the input for future use (usually attacker’s injected SQL query in the database), and to execute. responds to the request. • The attacker submits a second (different) request. • To handle the second request, the application retrieves the stored input and processes it, causing the attacker’s injected SQL query to execute. 8
  • Attack IntentDetermining database schemaExtracting dataAdding or modifying dataBypassing authentication 9
  • InferenceInject commands into the site and then observe how the function/response of the website changes Blind injection Timing attacks 10
  • Blind SQL injectionThe information must be inferred from the behavior of the page by asking the server true/false questions 11
  • Timing AttacksGain information by observing timing delays in the response of the database 12
  • Alternate EncodingEmploy alternate methods of encoding attack stringsSELECT accounts FROM usersWHERE login = ‘doe’; exec(char(0x73697574646f776e)) --’ AND pass = ‘’ AND pin = 13
  • Prevention of SQLIAsThe root cause of SQL injection vulnerabilities is insufficient input validationSolution: Defensive coding practices Detection & Prevention techniques 14
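The first-order and second-order mechanisms from the slides, each shown beside the defensive-coding fix (bound parameters), as an added example that is not part of the original presentation. It uses Python's sqlite3 with an in-memory database; the table layout, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, in-memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pass TEXT)")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("doe", "s3cret"), ("admin", "hunter2")])
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("doe", "doe's note"), ("admin", "admin's note")])
    return db

def login_concat(db, login, password):
    # Vulnerable (first-order): input is concatenated, so the engine parses
    # quote characters and "--" in it as SQL rather than as data.
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND pass = '" + password + "'")
    return db.execute(sql).fetchall()

def login_bound(db, login, password):
    # Hardened: placeholders send the values separately from the SQL text.
    sql = "SELECT login FROM users WHERE login = ? AND pass = ?"
    return db.execute(sql, (login, password)).fetchall()

def register(db, login, password):
    # Bound insert: safe here, but it stores the login verbatim, quotes included.
    db.execute("INSERT INTO users VALUES (?, ?)", (login, password))

def stored_login(db, login):
    row = db.execute("SELECT login FROM users WHERE login = ?", (login,)).fetchone()
    return row[0]

def notes_concat(db, login):
    # Vulnerable (second-order): a value read back from the database is
    # treated as trusted and concatenated into a later query.
    owner = stored_login(db, login)
    return db.execute("SELECT body FROM notes WHERE owner = '" + owner + "'").fetchall()

def notes_bound(db, login):
    # Hardened: stored data is bound like any other input.
    owner = stored_login(db, login)
    return db.execute("SELECT body FROM notes WHERE owner = ?", (owner,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "doe' --", "wrong"), login_bound(db, "doe' --", "wrong"))
    register(db, "x' OR '1'='1", "pw")
    print(notes_concat(db, "x' OR '1'='1"), notes_bound(db, "x' OR '1'='1"))
```

The registration step is safe on its own; the second-order flaw appears only where the stored value is later concatenated, which is why every query needs bound parameters regardless of where its data came from.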