Uploaded byVeenaShree20
PPTX, PDF48 views

cybersecurity and sql injection for students

The document discusses SQL injection, a web-based vulnerability that allows attackers to execute malicious SQL queries on databases, leading to issues such as identity spoofing, data modification, and unauthorized access. It outlines different types of SQL injection attacks, methodologies used by attackers, and provides examples of harmful SQL queries, along with prevention strategies like minimizing privileges and using secure coding practices. The increasing severity of these attacks poses significant risks and potential financial losses for organizations relying on databases.

Embed presentation

Download to read offline
TEAM MEMBERS – 1.) AMBUJ MISHRA – IPG_2014-012 2.) SHESHAN SHENIWAL – IPG_2014-080 3.)SUNIL KUMAR – IPG_2014-117
Statistics of various attacks
ABSTRACT • The main consequences of SQL injection includes loss of confidentiality , authentication as the attacker without providing the authentic username and password could successfully obtain access over the network by manipulating the logic of SQL commands. • In this presentation , we broadly focus on the SQL injection introduction , its associated threats , attacks , types ,methodology used by the attacker to implement SQL injection , SQL injection queries and its prevention.
What is SQL Injection ? • SQL Injection can be defined as a technique where hacker executes malicious SQL queries on the database server through web application to either gain access over the sensitive information or on the database. • This is the web based vulnerability which allows attacker to spoof the identity ,destroys the data present on the system and changes the record present on the database.
Threats • Identity Spoofing • Modifying the records resent in the database • Gaining access over administrative privileges • Denial of Service • Attacking machine’s performance
SQL Injection Attacks • Authentication Bypass • Leaking sensitive information • Loss of Data Integrity • Loss of availability of Data
Types of SQL Injection 1. In-band SQLi (classic SQLi) a.) Error-based SQLi b.) Union-based SQLi 2. Blind SQLi (inferential SQLi)
Union-Based SQLi • In union-based SQLi , a SQL query script is built by concatenating hard coded string with the string entered by the user. • Example of union-based SQLi:- Input- a’ UNION SELECT table_name,null FROM information_schema.tables# Query-SELECT userid , name FROM users WHERE id=‘a’ UNION SELECT table_name,null FROM information_schema.tables#’
Blind SQLi • Blind SQLi can be used to obtain access over sensitive information present in the database by asking series of TRUE or FALSE questions through SQL statements. • Example of blind SQLi:- Input- a’ OR 1=1# Query-SELECT userid , name FROM users WHERE id = ’a’ OR 1=1#’
Methodology Step by step methods used by the attacker to implement SQL injection are as following:  Information Gathering  SQL injection Vulnerability Detection  Launch SQL injection attack  Extract the data
SQL Injection Queries 1. Malicious SQL query: Input- a’ OR 1=1# Query-SELECT userid , name FROM users WHERE id = ’a’ OR 1=1#’ Output-This query is always true.If website is vulnerable to SQL injection then attacker without providing the authentic username and password could successfully obtain the access over the network.
SQL Injection Queries 2. Query for Updating Table : Input- a’;UPDATE users SET name=‘pqr’ WHERE id=1 # Query- SELECT userid,name FROM users WHERE userid=‘a’;UPDATE users SET name=‘pqr’ WHERE id=1 #’ Output- This query modifies the name of the user with id 1 to ‘pqr’
SQL Injection Queries 3. Query for deleting Table- Input- a’ ; DROP TABLE users ;# Query- SELECT userid,name FROM users WHERE userid=‘a’; DROP TABLE users ;#’ Output – Through this query the table ‘users’ is droped
SQL Injection Prevention • Minimizing the Privileges • SQL Server Firewalling • We use the following functions which is already defined in PHP -  mysqli_real_esape_string(database connection,query);  stripslashes();
SQL Injection Prevention example: When user types his/her username and password in this form ("" or ""="“); access should not be granted as it may lead to false negative query result from the database and grant access to intruder or illegitimate user
Conclusion SQL injection attacks are the major problem for the database, which in turn applied to the web application, which includes the database as a background data controller. Severity levels of attacks are increasing day-by- day with the huge usage of data. SQLi attack is one of the sophisticated methods resulting in great financial loss to an organization when it attacks the sensitive data in the database. It also destroy the data or make it otherwise unavailable, and intruder become administrators of the database server and cause change up to large extent which may be very dangerous for any organisation and can cause heavy loss to that organisation .
Refrences • Research of SQL Injection Attack and Prevention Technology Li Qian Institute of Information Engineering of Anhui Xinhua University University of Science and Technology. http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7724789 • Enhanced Approach to Detection of SQL Injection Attack Raja Prasad Karuparthi Department of Computer Science Sam Houston State University http://ieeexplore.ieee.org/document/7838186/ • www.acunetix.com/websitesecurity/sql-injection2/ • Wikipedia https://en.wikipedia.org/wiki/SQL_injection
THANK YOU !

More Related Content

PDF
SQL Injection Attack Guide for ethical hacking
byAyan Live Rourkela
 
PDF
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
PPTX
SQL Injection Introduction and Prevention
byMohammed Fazuluddin
 
PPTX
SQL Injection attack
byRayudu Babu
 
PPTX
Sql injection
bySuraj Tiwari
 
PPTX
SQL injection implementation and prevention
byRejaul Islam Royel
 
PDF
Sql injection course made by Cristian Alexandrescu
byCristian Alexandrescu
 
PDF
Ijcatr04041018
byEditor IJCATR
 
SQL Injection Attack Guide for ethical hacking
byAyan Live Rourkela
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
SQL Injection Introduction and Prevention
byMohammed Fazuluddin
 
SQL Injection attack
byRayudu Babu
 
Sql injection
bySuraj Tiwari
 
SQL injection implementation and prevention
byRejaul Islam Royel
 
Sql injection course made by Cristian Alexandrescu
byCristian Alexandrescu
 
Ijcatr04041018
byEditor IJCATR
 

Similar to cybersecurity and sql injection for students

PPTX
SQL INJECTION
byAnoop T
 
PPTX
Whatis SQL Injection.pptx
bySimplilearn
 
PPTX
SQL injection
byRaj Parmar
 
PDF
sql injection login bypass sqli-191017162412.pdf
bybankservicehyd
 
PPTX
Sql Injection
bypenetration Tester
 
PPTX
Sql Injection
byAju Thomas
 
PPTX
SQL Injection.jpg.pptx
bydawitTerefe5
 
PPTX
SQL INJECTION
byMentorcs
 
PPTX
Sql injection
byThe Avi Sharma
 
PPTX
SQL INJECTIONS.pptx
byJayeshYadav53
 
PPT
Sql injection
byNikunj Dhameliya
 
PPTX
Sql injection
byMehul Boghra
 
PPT
Sql security
bySafwan Hashmi
 
PDF
Sql injection
byMohit Shukla
 
PDF
Prevention of SQL Injection Attack in Web Application with Host Language
byIRJET Journal
 
PDF
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PDF
Op2423922398
byIJERA Editor
 
PPTX
SQL INJECTION
byZiaullah Khan
 
PPT
Sql Injection
byLakshika Rasanjali
 
PPTX
Sql injections
byKK004
 
SQL INJECTION
byAnoop T
 
Whatis SQL Injection.pptx
bySimplilearn
 
SQL injection
byRaj Parmar
 
sql injection login bypass sqli-191017162412.pdf
bybankservicehyd
 
Sql Injection
bypenetration Tester
 
Sql Injection
byAju Thomas
 
SQL Injection.jpg.pptx
bydawitTerefe5
 
SQL INJECTION
byMentorcs
 
Sql injection
byThe Avi Sharma
 
SQL INJECTIONS.pptx
byJayeshYadav53
 
Sql injection
byNikunj Dhameliya
 
Sql injection
byMehul Boghra
 
Sql security
bySafwan Hashmi
 
Sql injection
byMohit Shukla
 
Prevention of SQL Injection Attack in Web Application with Host Language
byIRJET Journal
 
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
Op2423922398
byIJERA Editor
 
SQL INJECTION
byZiaullah Khan
 
Sql Injection
byLakshika Rasanjali
 
Sql injections
byKK004
 

Recently uploaded

PDF
Melancholy, A Clan: Western Style Somali Pastoral Poetry
byAmirBile2
 
PDF
MORSELS.pdf-----------------------------
byARDHAZZ
 
PDF
THESIS straggler and snub storyboards ruth wang
byruinsofelenor
 
PDF
BA english sem-5 & 6. circular-syllabus (1).pdf
bydepartmentofenglishg4
 
PDF
Midterm-Elements-and-Principle-midterm.pdf
byCharleneAlonzo4
 
PDF
Mister No strip VEC 086 - Crvena stena.pdf
byStripovizijacom
 
PPTX
Q3 MUSIC 10-PHILIPPINE TRADITIONAL COMPOSERS.pptx
byCherryLuzManzano1
 
DOCX
STRATEGIC BENEFITS AND COSTS OF THE GAZA WAR FROM THE PERSPECTIVE OF THE PALE...
byrajameraj995
 
PPTX
Art integration activity.pptx art integration activity of culture of Madhya P...
bykaharsantosh099
 
PDF
Bast's Escape From a Temple and it's Scary Scary MONSTER
byJackieAlbano2
 
PPTX
Khmer Empire Powerpoint Presentation AP WORLD HISTORY
bysiddhupendyala
 
PPTX
“How Telegram Is Changing Online Communication”
byvillandesim
 
PPTX
Periods,+Questions+and+Exclamation+Marks. (1)-1.pptx
byiaestudia562
 
PPTX
Good afternoon, Class!_20251209_113621_0000.pptx
byflorajeansegotier7
 
PPTX
Comprehensive Case Analysis Assignment @(风险管) by 山博.pptx
bytravellernoman434
 
PPT
Introduction to value, form, and shading
byMrsPylant
 
PPTX
I'm Dexter Majaba Presenting_One_Of_The_Best_Online_Platforms
bydextermajaba12
 
PPTX
Chapter 2. Respiratory disorders-Asthma.pptx
byPRES, Institute of Pharmacy Loni
 
PPTX
Chapter 1.Introduction to Pharmacotherapeutics.pptx
byPRES, Institute of Pharmacy Loni
 
PDF
AI Art Today: Powerful Tool or Threat to Human Creativity
bylittleartistsdigital
 
Melancholy, A Clan: Western Style Somali Pastoral Poetry
byAmirBile2
 
MORSELS.pdf-----------------------------
byARDHAZZ
 
THESIS straggler and snub storyboards ruth wang
byruinsofelenor
 
BA english sem-5 & 6. circular-syllabus (1).pdf
bydepartmentofenglishg4
 
Midterm-Elements-and-Principle-midterm.pdf
byCharleneAlonzo4
 
Mister No strip VEC 086 - Crvena stena.pdf
byStripovizijacom
 
Q3 MUSIC 10-PHILIPPINE TRADITIONAL COMPOSERS.pptx
byCherryLuzManzano1
 
STRATEGIC BENEFITS AND COSTS OF THE GAZA WAR FROM THE PERSPECTIVE OF THE PALE...
byrajameraj995
 
Art integration activity.pptx art integration activity of culture of Madhya P...
bykaharsantosh099
 
Bast's Escape From a Temple and it's Scary Scary MONSTER
byJackieAlbano2
 
Khmer Empire Powerpoint Presentation AP WORLD HISTORY
bysiddhupendyala
 
“How Telegram Is Changing Online Communication”
byvillandesim
 
Periods,+Questions+and+Exclamation+Marks. (1)-1.pptx
byiaestudia562
 
Good afternoon, Class!_20251209_113621_0000.pptx
byflorajeansegotier7
 
Comprehensive Case Analysis Assignment @(风险管) by 山博.pptx
bytravellernoman434
 
Introduction to value, form, and shading
byMrsPylant
 
I'm Dexter Majaba Presenting_One_Of_The_Best_Online_Platforms
bydextermajaba12
 
Chapter 2. Respiratory disorders-Asthma.pptx
byPRES, Institute of Pharmacy Loni
 
Chapter 1.Introduction to Pharmacotherapeutics.pptx
byPRES, Institute of Pharmacy Loni
 
AI Art Today: Powerful Tool or Threat to Human Creativity
bylittleartistsdigital
 

cybersecurity and sql injection for students

  • 1.
    TEAM MEMBERS – 1.)AMBUJ MISHRA – IPG_2014-012 2.) SHESHAN SHENIWAL – IPG_2014-080 3.)SUNIL KUMAR – IPG_2014-117
  • 2.
  • 3.
    ABSTRACT • The mainconsequences of SQL injection includes loss of confidentiality , authentication as the attacker without providing the authentic username and password could successfully obtain access over the network by manipulating the logic of SQL commands. • In this presentation , we broadly focus on the SQL injection introduction , its associated threats , attacks , types ,methodology used by the attacker to implement SQL injection , SQL injection queries and its prevention.
  • 4.
    What is SQLInjection ? • SQL Injection can be defined as a technique where hacker executes malicious SQL queries on the database server through web application to either gain access over the sensitive information or on the database. • This is the web based vulnerability which allows attacker to spoof the identity ,destroys the data present on the system and changes the record present on the database.
  • 5.
    Threats • Identity Spoofing •Modifying the records resent in the database • Gaining access over administrative privileges • Denial of Service • Attacking machine’s performance
  • 6.
    SQL Injection Attacks •Authentication Bypass • Leaking sensitive information • Loss of Data Integrity • Loss of availability of Data
  • 7.
    Types of SQLInjection 1. In-band SQLi (classic SQLi) a.) Error-based SQLi b.) Union-based SQLi 2. Blind SQLi (inferential SQLi)
  • 8.
    Union-Based SQLi • Inunion-based SQLi , a SQL query script is built by concatenating hard coded string with the string entered by the user. • Example of union-based SQLi:- Input- a’ UNION SELECT table_name,null FROM information_schema.tables# Query-SELECT userid , name FROM users WHERE id=‘a’ UNION SELECT table_name,null FROM information_schema.tables#’
  • 9.
    Blind SQLi • BlindSQLi can be used to obtain access over sensitive information present in the database by asking series of TRUE or FALSE questions through SQL statements. • Example of blind SQLi:- Input- a’ OR 1=1# Query-SELECT userid , name FROM users WHERE id = ’a’ OR 1=1#’
  • 10.
    Methodology Step by stepmethods used by the attacker to implement SQL injection are as following:  Information Gathering  SQL injection Vulnerability Detection  Launch SQL injection attack  Extract the data
  • 11.
    SQL Injection Queries 1.Malicious SQL query: Input- a’ OR 1=1# Query-SELECT userid , name FROM users WHERE id = ’a’ OR 1=1#’ Output-This query is always true.If website is vulnerable to SQL injection then attacker without providing the authentic username and password could successfully obtain the access over the network.
  • 12.
    SQL Injection Queries 2.Query for Updating Table : Input- a’;UPDATE users SET name=‘pqr’ WHERE id=1 # Query- SELECT userid,name FROM users WHERE userid=‘a’;UPDATE users SET name=‘pqr’ WHERE id=1 #’ Output- This query modifies the name of the user with id 1 to ‘pqr’
  • 13.
    SQL Injection Queries 3.Query for deleting Table- Input- a’ ; DROP TABLE users ;# Query- SELECT userid,name FROM users WHERE userid=‘a’; DROP TABLE users ;#’ Output – Through this query the table ‘users’ is droped
  • 14.
    SQL Injection Prevention •Minimizing the Privileges • SQL Server Firewalling • We use the following functions which is already defined in PHP -  mysqli_real_esape_string(database connection,query);  stripslashes();
  • 15.
    SQL Injection Prevention example: Whenuser types his/her username and password in this form ("" or ""="“); access should not be granted as it may lead to false negative query result from the database and grant access to intruder or illegitimate user
  • 16.
    Conclusion SQL injection attacksare the major problem for the database, which in turn applied to the web application, which includes the database as a background data controller. Severity levels of attacks are increasing day-by- day with the huge usage of data. SQLi attack is one of the sophisticated methods resulting in great financial loss to an organization when it attacks the sensitive data in the database. It also destroy the data or make it otherwise unavailable, and intruder become administrators of the database server and cause change up to large extent which may be very dangerous for any organisation and can cause heavy loss to that organisation .
  • 17.
    Refrences • Research ofSQL Injection Attack and Prevention Technology Li Qian Institute of Information Engineering of Anhui Xinhua University University of Science and Technology. http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7724789 • Enhanced Approach to Detection of SQL Injection Attack Raja Prasad Karuparthi Department of Computer Science Sam Houston State University http://ieeexplore.ieee.org/document/7838186/ • www.acunetix.com/websitesecurity/sql-injection2/ • Wikipedia https://en.wikipedia.org/wiki/SQL_injection
  • 18.