Database Threats
Information System Security
Presented by:
Abdul Majeed Al-Kattan
Rabee Al-Rass
Rahaf Aamer
Rimon Koroni
Sandra Sukarieh
The Content
• Sensitive Data Exposure.
• Security Misconfiguration.
• SQL Injection (Blind)
• Insecure Direct Object Reference
• Cross Site Scripting
• Denial of Service
Information System Security 2
Sensitive Data Exposure
Security Misconfiguration
SQL Injection
• Occurs when untrusted data is sent to the interpreter as part of a command or a query.
• The attacker's malicious data can trick the interpreter into:
1. Executing unauthorized commands.
2. Accessing data without authorization.
3. Damaging the contents of the database.
SQL Injection
SQL Injection Prevention
• Escape strings:
1. mysqli_real_escape_string()
2. addslashes()
• Example input:
x' or 'x'='x' --
When mysqli_real_escape_string() is applied:
x\' or \'x\'=\'x\' --
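A worked example covering the two SQL injection slides above, added here and not part of the original deck: the slide's payload x' or 'x'='x' -- is run against a small in-memory SQLite table (constructed data) through a string-concatenated query, an escaped query, and a parameterized query. Python and SQLite stand in for PHP and MySQL; escape_mysql_style() only reproduces the characters that mysqli_real_escape_string() backslash-escapes so the slide's output can be seen, while the escaped query that is actually executed uses SQLite's quote doubling, because SQLite does not treat a backslash as an escape. All function names are this example's own.

```python
"""Added example (not from the slides): the same lookup written three ways."""
import sqlite3

PAYLOAD = "x' or 'x'='x' --"   # the slide's example input


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a three-row users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Untrusted data becomes part of the query text: the quote in the payload
    closes the string literal, 'or' widens the WHERE clause, and '--' comments
    out the trailing quote, so every row comes back."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def escape_mysql_style(value: str) -> str:
    """Reproduce the characters mysqli_real_escape_string() backslash-escapes.
    Assumption: an ASCII-compatible connection charset; the real function is
    charset-aware and must be given the live connection."""
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\n": "\\n",
             "\r": "\\r", "\0": "\\0", "\x1a": "\\Z"}
    return "".join(table.get(ch, ch) for ch in value)


def escape_sqlite_style(value: str) -> str:
    """SQLite's own rule: a quote inside a literal is written as two quotes."""
    return value.replace("'", "''")


def lookup_escaped(conn: sqlite3.Connection, name: str) -> list:
    """Escaping keeps the payload inside the string literal, but only if the
    escape routine matches the database's quoting rules exactly."""
    sql = "SELECT name FROM users WHERE name = '" + escape_sqlite_style(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the value is bound after parsing and is never
    interpreted as SQL, whatever characters it contains."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, PAYLOAD))
    print("escaped      :", lookup_escaped(db, PAYLOAD))
    print("parameterized:", lookup_parameterized(db, PAYLOAD))
    print("mysql-escaped:", escape_mysql_style(PAYLOAD))
```

Escaping only works when every dynamic value passes through the right function for the database and connection charset, and a single missed call reopens the hole; the parameterized form removes that dependency because the value is never parsed as SQL text, which is why it is the primary defence and escaping a fallback.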
Insecure Direct Object Reference
• An insecure direct object reference arises when the programmer exposes references to internal objects such as files, folders, or database keys.
• Without access control checks and other protective measures, an attacker can manipulate these references to reach data without proper authorization.
Insecure Direct Object Reference
Insecure Direct Object Reference Prevention
• Never expose application or database internal details to the public.
• Hide system objects behind non-descriptive names and encrypt the values.
• Use server-side sessions instead of relying on cookies alone.
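A worked example of the two IDOR slides above, added here and not part of the original deck: an invoice lookup that uses the request parameter directly as the database key (the flaw), the same lookup with an ownership check on every access, and a per-session indirect reference map in which the client only ever sees an unguessable token, which is what "hide system objects behind non-descriptive names" and "use sessions" amount to in code. The INVOICES table, the Session class and the function names are this example's own constructions.

```python
"""Added example (not from the slides): direct vs. checked vs. indirect references."""
import secrets

# Constructed sample data: invoices keyed by their database primary key.
INVOICES = {
    1001: {"owner": "alice", "amount": 120},
    1002: {"owner": "bob", "amount": 80},
}


def fetch_invoice_insecure(invoice_id: int) -> dict:
    """The flaw: the id from the request is the database key, and nothing
    checks that the requester owns the record. Changing 1001 to 1002 in the
    request returns another user's invoice."""
    return INVOICES[invoice_id]


class Session:
    """Hypothetical server-side session: the authenticated user plus a
    private map from opaque tokens to real keys. Tokens are issued only for
    records this user owns and are meaningless in any other session."""

    def __init__(self, user: str):
        self.user = user
        self._refs: dict[str, int] = {}

    def reference_for(self, invoice_id: int) -> str:
        if INVOICES[invoice_id]["owner"] != self.user:
            raise PermissionError("not the owner")
        token = secrets.token_urlsafe(16)   # unguessable, non-descriptive name
        self._refs[token] = invoice_id
        return token

    def resolve(self, token: str) -> int:
        # An unknown token is either forged or was issued to another session.
        if token not in self._refs:
            raise PermissionError("unknown reference")
        return self._refs[token]


def can_access(session: Session, invoice_id: int) -> bool:
    """The access-control check the insecure version is missing."""
    record = INVOICES.get(invoice_id)
    return record is not None and record["owner"] == session.user


def fetch_invoice_checked(session: Session, invoice_id: int) -> dict:
    """Direct reference kept, but ownership is enforced on every access."""
    if not can_access(session, invoice_id):
        raise PermissionError("forbidden")
    return INVOICES[invoice_id]


def fetch_invoice_indirect(session: Session, token: str) -> dict:
    """Indirect reference: the real key never leaves the server, and the
    ownership check still runs after the token is resolved."""
    return fetch_invoice_checked(session, session.resolve(token))


if __name__ == "__main__":
    alice = Session("alice")
    print("insecure, anyone:", fetch_invoice_insecure(1002))
    print("checked, alice  :", fetch_invoice_checked(alice, 1001))
    print("alice -> 1002   :", can_access(alice, 1002))
    print("indirect        :", fetch_invoice_indirect(alice, alice.reference_for(1001)))
```

The indirect map is a convenience on top of the ownership check, not a replacement for it: the server still decides per request whether the resolved key belongs to the session's user, so a leaked or guessed token gains nothing outside the session that issued it.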
Cross Site Scripting
• Cross-site scripting flaws appear when the application receives untrusted data and sends it to the browser without validating or escaping it.
• These flaws allow the attacker to run "scripts" in the victim's browser, which may lead to:
1. Theft of the user's session.
2. Defacement of the website.
3. Redirecting the user to other malicious sites.
Cross Site Scripting
Cross Site Scripting Prevention
• Contextual Encoding:
1. HTML Encoding.
2. JavaScript Encoding.
3. CSS Encoding.
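A worked example of the contextual encoding slide above, added here and not part of the original deck: one encoder for each of the three contexts the slide lists (HTML, JavaScript string, CSS value) and a page renderer that applies the encoder matching the context in which the untrusted value lands. The encoding rules follow the usual guidance of escaping everything except ASCII letters and digits; the function names and the sample display name are this example's own.

```python
"""Added example (not from the slides): encode untrusted data per output context."""
import html


def encode_html(value: str) -> str:
    """HTML body or attribute context: & < > " ' become entities so the value
    can never open a tag or close the attribute it sits in."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """JavaScript string-literal context: hex-escape every character that is
    not an ASCII letter or digit. The value can then neither close the quote
    nor contain the literal text </script>, which the HTML parser would
    otherwise honour even inside a string."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif code < 0x100:
            out.append(f"\\x{code:02X}")
        else:
            out.append(f"\\u{code:04X}")
    return "".join(out)


def encode_css(value: str) -> str:
    """CSS value context: backslash + hex code + a terminating space, the
    escape form CSS itself defines, for every non-alphanumeric character."""
    return "".join(
        ch if ch.isascii() and ch.isalnum() else f"\\{ord(ch):X} " for ch in value
    )


def render_profile(display_name: str) -> str:
    """Constructed page fragment: the same untrusted value appears in an HTML
    attribute, in HTML text, inside a <script> string and inside a <style>
    rule, and each occurrence gets the encoder for its own context."""
    return (
        f'<div title="{encode_html(display_name)}">{encode_html(display_name)}</div>\n'
        f"<script>var who = '{encode_js_string(display_name)}';</script>\n"
        f"<style>.who::after {{ content: '{encode_css(display_name)}'; }}</style>"
    )


if __name__ == "__main__":
    print(render_profile("</script><b>x</b>"))
```

Using one encoder everywhere is the common mistake: HTML-encoding a value that is placed inside a script string leaves the quote and closing tag problems untouched, which is why the slide lists the contexts separately.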
Denial Of Service
• A method of flooding the database service or the application with a stream of requests, depriving legitimate users of the service.
• This attack can be carried out with the tool slowhttptest.
Denial Of Service
Denial of Service Prevention
• Firewall.
• Cloud mitigation provider: DDoS attack detection and monitoring.
• Flow-based monitoring (PLXfbm): the service monitors NetFlow on your router.
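A worked example of the monitoring side of the two DoS slides above, added here and not part of the original deck: a small detector run over constructed connection records that flags sources holding many connections open for a long time while sending almost no data, the pattern the slow-HTTP attack named on the slide (slowhttptest) produces at the server. The log format, the thresholds and the TEST-NET addresses are assumptions of this example, not output of any real tool.

```python
"""Added example (not from the slides): flag slow-connection sources in a log."""
from collections import defaultdict

# Constructed sample records (not real logs): one line per finished
# server-side connection. 203.0.113.9 holds connections open for ~95 s while
# sending ~30 bytes each; 198.51.100.7 is normal traffic; 192.0.2.44 is a
# single slow but legitimate client.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=198.51.100.7 dur=0.4 bytes_in=812 status=200
2024-05-01T10:00:02Z src=203.0.113.9 dur=95.0 bytes_in=31 status=408
2024-05-01T10:00:02Z src=203.0.113.9 dur=97.2 bytes_in=28 status=408
2024-05-01T10:00:03Z src=198.51.100.7 dur=0.6 bytes_in=1040 status=200
2024-05-01T10:00:03Z src=203.0.113.9 dur=96.1 bytes_in=30 status=408
2024-05-01T10:00:04Z src=192.0.2.44 dur=45.0 bytes_in=64 status=408
2024-05-01T10:00:04Z src=203.0.113.9 dur=98.0 bytes_in=29 status=408
2024-05-01T10:00:05Z src=198.51.100.7 dur=0.3 bytes_in=770 status=200
"""


def parse_line(line: str) -> dict:
    """Parse one 'ts key=value ...' record into typed fields."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return {
        "src": fields["src"],
        "dur": float(fields["dur"]),
        "bytes_in": int(fields["bytes_in"]),
        "status": int(fields["status"]),
    }


def find_slow_sources(log_text: str, min_conns: int = 3,
                      slow_after_s: float = 30.0, max_bytes: int = 100) -> dict:
    """Return {source: count} for sources with at least min_conns connections
    that stayed open >= slow_after_s seconds yet delivered <= max_bytes.
    Long duration alone is not enough (large uploads are slow too); it is the
    combination of long, idle, and many from one source that is suspicious."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            per_src[rec["src"]].append(rec)
    flagged = {}
    for src, recs in per_src.items():
        slow = [r for r in recs
                if r["dur"] >= slow_after_s and r["bytes_in"] <= max_bytes]
        if len(slow) >= min_conns:
            flagged[src] = len(slow)
    return flagged


if __name__ == "__main__":
    for src, n in find_slow_sources(SAMPLE_LOG).items():
        print(f"slow-connection source {src}: {n} idle long-lived connections")
```

In production the same per-source counting is what a firewall connection limit or a NetFlow-based monitor performs continuously; the value of doing it on the server's own logs is to tune the thresholds against real traffic before enabling an automatic block, so that one slow legitimate client is not mistaken for an attack.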
Thank You.
