2. What is SQL injection?
The ability to inject SQL commands into the database engine through an existing application.
3. SQL INJECTION
Many web applications take user input from a form.
Often this user input is used literally in the construction of a SQL query submitted to a database. For example:
SELECT product_data FROM table WHERE product_name = 'user input product name';
A SQL injection attack involves placing SQL statements in the user input.
4. HOW DOES SQL INJECTION WORK?
Common vulnerable login query:
SELECT * FROM users
WHERE login = 'victor'
AND password = '123'
(If the query returns a row, the login succeeds.)
ASP/MS SQL Server login syntax:
// The form fields are concatenated straight into the SQL text,
// so anything the user types becomes part of the query.
var sql = "SELECT * FROM users" +
          " WHERE login = '" + formusr +
          "' AND password = '" + formpwd + "'";
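Added example (not from the slides): the slide's login query written in Python against an in-memory SQLite table so the concatenated form and a parameterized form can be run side by side. The table contents, the function names and the use of sqlite3 are my own assumptions; the first function reproduces the slide's string concatenation, the second binds the input as a parameter so the engine can only ever compare it as a string value.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the slide's users table (one row: victor / 123)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('victor', '123')")
    conn.commit()
    return conn


def login_concat(conn, formusr, formpwd):
    """Vulnerable: same construction as the slide's ASP snippet.

    Whatever the user typed becomes part of the SQL text, so quotes and
    keywords inside the input change the shape of the query itself.
    """
    sql = ("SELECT * FROM users WHERE login = '" + formusr +
           "' AND password = '" + formpwd + "'")
    return conn.execute(sql).fetchone() is not None


def login_param(conn, formusr, formpwd):
    """Hardened: the SQL text is fixed and the input travels separately as
    bound parameters, so it is compared as a literal value and never parsed.
    """
    sql = "SELECT * FROM users WHERE login = ? AND password = ?"
    return conn.execute(sql, (formusr, formpwd)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # Valid credentials, wrong password, and a password field containing SQL:
    # only the concatenated query lets the last one through.
    for usr, pwd in [("victor", "123"), ("victor", "wrong"),
                     ("victor", "' OR '1'='1")]:
        print(repr(usr), repr(pwd),
              "concat:", login_concat(db, usr, pwd),
              "param:", login_param(db, usr, pwd))
```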
6. OTHER INJECTION POSSIBILITIES
Using SQL injection, attackers can:
Add new data to the database
  (perform an INSERT in the injected SQL)
Modify data currently in the database
  (perform an UPDATE in the injected SQL)
Often gain access to other users' system capabilities by obtaining their passwords
7. MALICIOUS SOFTWARE
“Malware is a set of instructions that run on your computer and make the system do something that an attacker wants it to do.”
9. COMPUTER VIRUS
Computer viruses are small software programs that are designed to spread from one
computer to another and to interfere with computer operation.
10. WORM
It is one of the most dangerous types of malicious program. It has the capability to spread without any human action.
12. DIFFERENCES: COMPUTER VIRUSES VS. COMPUTER WORMS
Definition
  Virus: program code that attaches itself to an application program and runs along with it whenever that application runs.
  Worm: code that replicates itself in order to consume resources and bring the system down.
How does it infect a computer?
  Virus: it inserts itself into a file or executable program.
  Worm: it exploits a weakness in an application or operating system by replicating itself.
How can it spread?
  Virus: it has to rely on users transferring infected files/programs to other computer systems.
  Worm: it has to rely on users transferring infected files/programs to other computer systems.
Does it infect files?
  Virus: yes, it deletes or modifies files. Sometimes a virus also changes the location of files.
  Worm: usually not. Worms usually only monopolize the CPU and memory.
Which is faster?
  Virus: slower than a worm.
  Worm: faster than a virus. E.g. the Code Red worm affected 3 lakh (300,000) PCs in just 14 hours.
13. TROJAN
A Trojan is malicious software which at first glance appears to be useful software but actually causes damage once installed or run on your computer.
14. IMPACTS OF TROJAN
A Trojan performs the following actions:
Deleting data
Activating silly icons and changing the desktop
Modifying data
Copying data
Disrupting the performance of computers
Creating a backdoor
15. WHAT IS MITM ?
A man-in-the-middle (MITM) attack is a form of eavesdropping where communication
between two users is monitored and modified by an unauthorized party. Generally, the
attacker actively eavesdrops by intercepting a public key message exchange and
retransmits the message while replacing the requested key with his own.
16. MITM ATTACK IS ALSO KNOWN AS
Bucket-brigade attack
Fire brigade attack
Monkey-in-the-middle attack
Session hijacking
TCP hijacking
TCP session hijacking
17. NAME ORIGIN
The name "Man-in-the-Middle" is derived from the basketball scenario where two players intend to pass a ball to each other while one player between them tries to seize it. MITM attacks are sometimes referred to as "bucket brigade attacks" or "fire brigade attacks." Those names are derived from the fire brigade operation of dousing a fire by passing buckets from one person to another between the water source and the fire.
18. HOW DOES IT WORK?
Man-in-the-middle is known to many as "session hijacking" and to the general public simply as "hijacking". These attackers primarily target specific data about transactions on computers; this can be anything from an email to a bank transaction. That said, the attackers begin by investigating the party of interest.
19. HOW TO PREVENT THIS ATTACK?
Maintain proper coding patterns
Don't use third-party software
Use antivirus software
Don't use public Wi-Fi networks
Always update your operating system