Vulnerability Analysis andSecurity
Enhancement of a Plant E-
commerce Web Application
• SQL Injection and XSS Prevention in PHP-
MySQL Based Systems
• Presented by: [Your Name]
2.
Introduction
• • Overviewof e-commerce and cybersecurity
• • Importance of securing web applications
• • Objective: Analyze vulnerabilities and
implement security solutions
3.
Web System Chosen
•• Platform: Plant E-commerce Website
• • Tech Stack: PHP, MySQL
• • Features:
• - Product catalog
• - User login & registration
• - Shopping cart
• - Order tracking
• • Why this system?
• - Real-world relevance
4.
SQL Injection (SQLi)- Vulnerability
• • Vulnerable Page: login.php
• • Payload Example: ' OR '1'='1
• • Impact: Bypasses authentication, data theft
• • Cause: Raw SQL queries without sanitization
5.
SQL Injection -Solution
• • Fixes Implemented:
• - Use of prepared statements
• - Parameter binding
• - Input validation on server side
• • Code Snippet:
• $stmt = $conn->prepare("SELECT * FROM
users WHERE username = ? AND password
= ?");
• $stmt->bind_param("ss", $username,
6.
Cross-Site Scripting (XSS)-
Vulnerability
• • Vulnerable Page: review.php
• • Payload Example:
<script>alert('XSS')</script>
• • Impact: Script execution in user browser
• • Cause: Output of raw user input without
encoding
Impact & LearningOutcomes
• • Understanding of OWASP Top 10
• • Skills in vulnerability testing and patching
• • Experience with secure PHP development
• • Real-world application of cybersecurity
principles
Conclusion
• • Identifiedand patched critical vulnerabilities
• • Improved the security of the plant e-
commerce system
• • Ensured user data safety and trust
![Vulnerability Analysis and Security
Enhancement of a Plant E-
commerce Web Application
• SQL Injection and XSS Prevention in PHP-
MySQL Based Systems
• Presented by: [Your Name]](https://image.slidesharecdn.com/plantecommercesecuritypresentation-250420144123-6bc4360e/85/Plant_Ecommerce_Security_Presentation-pptx-1-320.jpg)
![Vulnerability Analysis and Security
Enhancement of a Plant E-
commerce Web Application
• SQL Injection and XSS Prevention in PHP-
MySQL Based Systems
• Presented by: [Your Name]](https://image.slidesharecdn.com/plantecommercesecuritypresentation-250420144123-6bc4360e/75/Plant_Ecommerce_Security_Presentation-pptx-1-2048.jpg)
![XSS - Solution
• • Fixes Implemented:
• - Output escaping with htmlspecialchars()
• - Input filtering
• - Content Security Policy (CSP) headers
• • Code Snippet:
• $review = htmlspecialchars($_POST['review'],
ENT_QUOTES, 'UTF-8');
• echo "<p>$review</p>";](https://image.slidesharecdn.com/plantecommercesecuritypresentation-250420144123-6bc4360e/85/Plant_Ecommerce_Security_Presentation-pptx-7-320.jpg)
![Polymer [ बहुलक ] Chemistry Notes PDF - Irfanullah Mehar - JJ Sir Chemistry.pdf](https://cdn.slidesharecdn.com/ss_thumbnails/polymerchemistrynotespdf-irfanullahmehar-jjsirchemistry-260210172118-3f9b37f7-thumbnail.jpg?width=640&height=640&fit=bounds)
