PRESENTATION ON SQL Injection
Submitted To: Dr. Gopal Krishan Sharma (Dept. of Computer Science)
Submitted by: Ayush Pandey (B.C.A. Final Year)
Contents
● What is SQL.
● How does SQL Injection work.
● Example of SQL Injection.
● Diagram of SQL Injection.
WHAT IS SQL?
✔ SQL stands for Structured Query Language
✔ Allows us to access a database
✔ ANSI and ISO standard computer language
✔ The most current standard is SQL99
✔ SQL can:
✔ execute queries against a database
✔ retrieve data from a database
✔ insert new records in a database
✔ delete records from a database
✔ update records in a database
WHAT IS A SQL INJECTION ATTACK?
✔ Many web applications take user input from a form
✔ Often this user input is used literally in the construction of a SQL query submitted to a database. For example:
    SELECT productdata FROM table WHERE productname = 'user input product name';
✔ A SQL injection attack involves placing SQL statements in the user input
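The slide's query built both ways, as an added example that is not part of the original presentation: once with the input pasted literally into the SQL text, and once with a bound parameter. The table name `products`, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows.
    The table name `products` is an assumption (the slide says `table`)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (productname TEXT, productdata TEXT)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("widget", "public spec"),
         ("gadget", "public manual"),
         ("prototype", "unreleased pricing")],
    )
    return db

def lookup_vulnerable(db, user_input):
    # The input is used literally in the construction of the query,
    # so any quote characters in it become part of the SQL syntax.
    sql = ("SELECT productdata FROM products WHERE productname = '"
           + user_input + "'")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, user_input):
    # The ? placeholder passes the input as a bound value; the database
    # compares it as data and never parses it as SQL.
    sql = "SELECT productdata FROM products WHERE productname = ?"
    return [row[0] for row in db.execute(sql, (user_input,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "widget' OR '1'='1"  # constructed input containing SQL syntax
    print("normal input, string-built :", lookup_vulnerable(db, "widget"))
    print("crafted input, string-built:", lookup_vulnerable(db, crafted))
    print("crafted input, parameterized:", lookup_parameterized(db, crafted))
```

With the string-built query the crafted input changes the WHERE clause and every row comes back; with the bound parameter the same input is just a product name that matches nothing.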
SQL Injection Steps
✔ Searching for a vulnerable point
✔ Fingerprinting the back-end DB.
✔ Enumerating or retrieving data of interest (table dumps, username/password, etc.)
✔ Eventually exploiting the system once the information is handy
- OS takeover, data change, web server takeover, etc.