Sakib Sami, profile picture
Uploaded bySakib Sami
PPT, PDF421 views

Cyber security

The document discusses web application security, focusing primarily on SQL injection (SQLi) as a common vulnerability that can lead to unauthorized access and data manipulation. It emphasizes the importance of input validation, least privilege database access, and various tools available for enhancing site security. Additionally, it includes case studies related to self-security and preventative measures against hacking.

Technology
Related topics:
Cyber-Security

Embed presentation

Download to read offline
Cyber Security Md. Samiul Alim Sakib me@sakibsami.com http:/fb.me/s4kibs4mi http://www.sakibsami.com
Web Application Security Most Common Vulnerability SQL Injection ( SQLi ) : App Killer
SQL Injection SQL injection is a technique where a user can inject malicious SQL commands into an SQL statement, via web page input. A successful SQL injection exploit can read sensitive data from the database, modify database data (insert/update/delete) and compromise the security of a web application.
Example Lets assume this is our code of login page
Browser Interface & Injection Login Page Login Page with malicious code
SQLi on real site
SQLi on real site
SQLi on real site
Preventing SQL Injection  You can prevent SQL injection if you adopt an input validation technique in which user input is authenticated against a set of defined rules for length, type and syntax and also against business rules.  You should ensure that users with the permission to access the database have the least privileges. Additionally, do not use system administrator accounts. Also, you should always make sure that a database user is created only for a specific application and this user is not able to access other applications.
Other common web application bugs  Cross site scripting ( XSS )  Cross Site Request Forgery ( CSRF )  Remote Code Execution ( RCE )  Remote File Inclusion ( RFI )  Local File Inclusion ( LFI )  Broken authentication etc
Tools to Secure your Site  MetaSploit ( http://www.metasploit.com )  Zap ( http://sourceforge.net/projects/zaproxy/ )  Brup Suite ( http://portswigger.net/burp/download.html ) etc
SELF Security Case Study Securing yourself
Case Study SMS Spoofi ng :
Case Study You got trapped. You just installed attacker's hacking tool ( RAT )
Case Study You are connected to hackers bot
Case Study
Case Study Have a look, now what can hacker do with your device :D
Case Study Now Hacker can do call,send sms from your device.
Case Study Can Monitor calls and smsS
Stay Secure  Use Linux based operating systems B|  Never believe anyone  Use a better anti-virus  Always keep PC firewall ON  Check URL before visiting any website  Always download app from play-store/app-store  Check app permissions while installing app  Use 2nd step verification on email or social networks
And who wants to be a Hacker !! Programming Programming Programming Programming Programming Programming Programming Programming Programming
Hacking or Defacing Hacking in Bangladesh perspective.
Any Question ???
Thank You :)

More Related Content

PPTX
Cyber security
byManjushree Mashal
 
PPTX
Enterprise Security and Cyber Security Cases
byHakan Yüksel
 
PPTX
Cyber Security
byJay Moliya
 
PPTX
Cyber security Information security
byAYESHA JAVED
 
PPTX
Cyber security
byShaibal Ahmed
 
PPTX
Securing data flow to and from organizations
byOPSWAT
 
PDF
A new way to prevent Botnet Attack
byyennhi2812
 
PPTX
Cyber security
bycolebassett
 
Cyber security
byManjushree Mashal
 
Enterprise Security and Cyber Security Cases
byHakan Yüksel
 
Cyber Security
byJay Moliya
 
Cyber security Information security
byAYESHA JAVED
 
Cyber security
byShaibal Ahmed
 
Securing data flow to and from organizations
byOPSWAT
 
A new way to prevent Botnet Attack
byyennhi2812
 
Cyber security
bycolebassett
 

What's hot

PPTX
Cyber security
byManjushree Mashal
 
PPTX
Cyber security
bymanoj duli
 
PPTX
CYBER SECURITY
byMohammad Shakirul islam
 
PPTX
cyber security
byBasineniUdaykumar
 
PDF
CyberSecurity - UH IEEE Presentation 2015-04
byKyle Lai
 
PPTX
cyber security,need,security problem and types of cyber security
byVansh Bathla
 
PDF
Cyber security
byPrem Raval
 
PPT
Cyber Security
byimtnoida112
 
PDF
Cyber Security Vulnerabilities
bySiemplify
 
PPTX
Cyber safety
byPrateekChaudhary44
 
PPT
Cyber security 22-07-29=013
byDr. Amitabha Yadav
 
PPTX
What is cyber security
bySAHANAHK
 
PPTX
Cyber security by nayan pandey
byRithikaD1
 
PPTX
Cybersecurity
byNebiyeLioul
 
PPTX
Cyber security snowe vazeer
bysnowe123
 
PDF
Cyber Security Analytics – The Weapon to Fight Cyber Crime
byHappiest Minds Technologies
 
PDF
Icit analysis-identity-access-management
byMark Gibson
 
PPT
SYSTEM SECURITY - Chapter 1 introduction
byAfna Crcs
 
PPT
Cyber crime and cyber security
byKaushal Solanki
 
PPTX
Introduction to Cyber Security | Malware | Phishing attacks
byKumayl Rajani
 
Cyber security
byManjushree Mashal
 
Cyber security
bymanoj duli
 
CYBER SECURITY
byMohammad Shakirul islam
 
cyber security
byBasineniUdaykumar
 
CyberSecurity - UH IEEE Presentation 2015-04
byKyle Lai
 
cyber security,need,security problem and types of cyber security
byVansh Bathla
 
Cyber security
byPrem Raval
 
Cyber Security
byimtnoida112
 
Cyber Security Vulnerabilities
bySiemplify
 
Cyber safety
byPrateekChaudhary44
 
Cyber security 22-07-29=013
byDr. Amitabha Yadav
 
What is cyber security
bySAHANAHK
 
Cyber security by nayan pandey
byRithikaD1
 
Cybersecurity
byNebiyeLioul
 
Cyber security snowe vazeer
bysnowe123
 
Cyber Security Analytics – The Weapon to Fight Cyber Crime
byHappiest Minds Technologies
 
Icit analysis-identity-access-management
byMark Gibson
 
SYSTEM SECURITY - Chapter 1 introduction
byAfna Crcs
 
Cyber crime and cyber security
byKaushal Solanki
 
Introduction to Cyber Security | Malware | Phishing attacks
byKumayl Rajani
 

Viewers also liked

PPT
Advanced SQL Injection
byamiable_indian
 
PDF
SQL injection: Not Only AND 1=1 (updated)
byBernardo Damele A. G.
 
PDF
SQL injection: Not only AND 1=1
byBernardo Damele A. G.
 
PDF
SQL injection exploitation internals
byBernardo Damele A. G.
 
PDF
Study: The Future of VR, AR and Self-Driving Cars
byLinkedIn
 
PPT
4.Xss
byphanleson
 
Advanced SQL Injection
byamiable_indian
 
SQL injection: Not Only AND 1=1 (updated)
byBernardo Damele A. G.
 
SQL injection: Not only AND 1=1
byBernardo Damele A. G.
 
SQL injection exploitation internals
byBernardo Damele A. G.
 
Study: The Future of VR, AR and Self-Driving Cars
byLinkedIn
 
4.Xss
byphanleson
 

Similar to Cyber security

PPT
Intro to Web Application Security
byRob Ragan
 
PPTX
Hackers versus Developers and Secure Web Programming
byAkash Mahajan
 
PPT
Bank One App Sec Training
byMike Spaulding
 
PPTX
Owasp Top 10 2017
bySamsonMuoki
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
DOCX
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
byAjith Kp
 
PPTX
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
byBoston Institute of Analytics
 
PDF
Crash Course In Brain Surgery
bymorisson
 
PPTX
Web Application Vulnerabilities
byPreetish Panda
 
PDF
Protect Your Database_ SQL Injection Attack Prevention.pdf
bySachin FromDev
 
PPTX
SANS @Night Talk: SQL Injection Exploited
byMicah Hoffman
 
PPT
unit1_last.pptsfsfsfsfsgeeyeeeyyeyeywwww
byzmulani8
 
PDF
My app is secure... I think
byWim Godden
 
PDF
Seminar2015Bilic_Nicole
byNicole Bili?
 
PPTX
Application and Website Security -- Fundamental Edition
byDaniel Owens
 
PPTX
Web Security
byRita Mehra
 
PDF
Problems with parameters b sides-msp
byMike Saunders
 
PDF
Ab cs of software security
byDavid Klassen
 
PDF
Spi dynamik-sql-inj
bydrkimsky
 
PPTX
State of the information security nation
bySensePost
 
Intro to Web Application Security
byRob Ragan
 
Hackers versus Developers and Secure Web Programming
byAkash Mahajan
 
Bank One App Sec Training
byMike Spaulding
 
Owasp Top 10 2017
bySamsonMuoki
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
byAjith Kp
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
byBoston Institute of Analytics
 
Crash Course In Brain Surgery
bymorisson
 
Web Application Vulnerabilities
byPreetish Panda
 
Protect Your Database_ SQL Injection Attack Prevention.pdf
bySachin FromDev
 
SANS @Night Talk: SQL Injection Exploited
byMicah Hoffman
 
unit1_last.pptsfsfsfsfsgeeyeeeyyeyeywwww
byzmulani8
 
My app is secure... I think
byWim Godden
 
Seminar2015Bilic_Nicole
byNicole Bili?
 
Application and Website Security -- Fundamental Edition
byDaniel Owens
 
Web Security
byRita Mehra
 
Problems with parameters b sides-msp
byMike Saunders
 
Ab cs of software security
byDavid Klassen
 
Spi dynamik-sql-inj
bydrkimsky
 
State of the information security nation
bySensePost
 

Recently uploaded

PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
How to Evaluate a High Performance Database
byScyllaDB
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
How to Evaluate a High Performance Database
byScyllaDB
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 

Cyber security

  • 1.
    Cyber Security Md. SamiulAlim Sakib me@sakibsami.com http:/fb.me/s4kibs4mi http://www.sakibsami.com
  • 2.
    Web Application Security MostCommon Vulnerability SQL Injection ( SQLi ) : App Killer
  • 3.
    SQL Injection SQL injectionis a technique where a user can inject malicious SQL commands into an SQL statement, via web page input. A successful SQL injection exploit can read sensitive data from the database, modify database data (insert/update/delete) and compromise the security of a web application.
  • 4.
    Example Lets assume thisis our code of login page
  • 5.
    Browser Interface &Injection Login Page Login Page with malicious code
  • 6.
  • 7.
  • 8.
  • 9.
    Preventing SQL Injection  Youcan prevent SQL injection if you adopt an input validation technique in which user input is authenticated against a set of defined rules for length, type and syntax and also against business rules.  You should ensure that users with the permission to access the database have the least privileges. Additionally, do not use system administrator accounts. Also, you should always make sure that a database user is created only for a specific application and this user is not able to access other applications.
  • 10.
    Other common webapplication bugs  Cross site scripting ( XSS )  Cross Site Request Forgery ( CSRF )  Remote Code Execution ( RCE )  Remote File Inclusion ( RFI )  Local File Inclusion ( LFI )  Broken authentication etc
  • 11.
    Tools to Secureyour Site  MetaSploit ( http://www.metasploit.com )  Zap ( http://sourceforge.net/projects/zaproxy/ )  Brup Suite ( http://portswigger.net/burp/download.html ) etc
  • 12.
  • 13.
  • 14.
    Case Study You gottrapped. You just installed attacker's hacking tool ( RAT )
  • 15.
    Case Study You areconnected to hackers bot
  • 16.
  • 17.
    Case Study Have alook, now what can hacker do with your device :D
  • 18.
    Case Study Now Hackercan do call,send sms from your device.
  • 19.
    Case Study Can Monitorcalls and smsS
  • 20.
    Stay Secure  Use Linuxbased operating systems B|  Never believe anyone  Use a better anti-virus  Always keep PC firewall ON  Check URL before visiting any website  Always download app from play-store/app-store  Check app permissions while installing app  Use 2nd step verification on email or social networks
  • 21.
    And who wantsto be a Hacker !! Programming Programming Programming Programming Programming Programming Programming Programming Programming
  • 22.
    Hacking or Defacing Hackingin Bangladesh perspective.
  • 23.
  • 24.