Uploaded bynwabudikeaugustine
PPTX, PDF1 view

research desgn on SQL injection attacks 4th april.

SQL injection attack slide for presentation in december 2024

Embed presentation

Download to read offline
SQL Attribute value SQL Attribute Value The presence of harmful attribute values within SQL queries poses a serious risk to web application security, especially in the context of SQL Injection (SQLi) attacks  Attackers can exploit these values to inject complex, resource-intensive commands into the database, potentially overwhelming the system and leading to performance degradation, slow responses, or even denial of service.  Eliminating these unnecessary and potentially dangerous attribute values from SQL queries before processing is a proactive measure that strengthens system defences. (Nair, 2024).  The key challenge occurs because of duplicate substrings in the form of SQL attribute values in query strings. (Sun et al. 2023)  It enables optimization and security by preventing unauthorized access, reducing system load, reducing system load, and reducing the chances of exploitation due to malformed or malicious inputs
SQL Attribute value  They are values typically originating from user inputs but not part of the primary syntactic form that introduce variability in the character set of the query.  Due to the sensitivity of LSTM networks to sequence and character diversity, an irregular and too large character space can lead to increased computation requirements and even overfitting on non- contributory unrelated patterns that do not help detect injections.  By sanitizing input and removing elements that do not contribute to the functional structure of the SQL query, developers can significantly reduce the attack surface for SQL injection and related threats.  Table 1 Model Comparison Model Accuracy Precision Recall F1=Score CNN+BILSTM 99.71 99.71 99.71 99.71
SQL Attribute value Authors Journal name Katole, et al. 2018, Detection of SQL injection attacks by removing the parameter values of the SQL que ry Kamaruzman et al 2021. Fixed Attribute Value Removal Method and Anomaly-Based Profiled Method, An SQ Li Detection Effectiveness Study McWhirter et al, 2018 SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel
SQL Attack Prevention SQL injection attacks remain one of the most pervasive and damaging threats to the security and integrity of web applications and databases. thereby preventing the manipulation of SQL queries by malicious input. Prepared statements are widely regarded as one of the most effective methods for mitigating SQL injection attacks. By separating SQL query structures from user input, prepared statements ensure that user data is treated strictly as data and not executable code, thereby preventing the manipulation of SQL queries by malicious input. ) . This means that user input is bound to placeholders in the SQL statement, and the database knows that these placeholders are not part of the actual query. many developers do not implement prepared statements across all parts of an application, which leaves gaps in the security of the application.
SQL Attack Prevention Furthermore, developers who are unfamiliar with how to implement prepared statements correctly or who overlook edge cases may inadvertently leave their applications open to exploitation. Inconsistent usage of prepared statements is a common issue; parts of the application may use traditional methods of dynamically building queries, thus exposing those sections to SQL injection vulnerabilities. Therefore, the problem lies not only in promoting the adoption of prepared statements but also in ensuring they are properly and uniformly applied across the entire application, leaving no room for SQL injection attacks to succeed. Using Prepared Statement in MySQL (example) PREPARE stmt FROM 'SELECT * FROM users WHERE username = ? AND password = ?'; SET @username = 'user_input'; SET @password = 'password_input'; EXECUTE stmt USING @username, @password; DEALLOCATE PREPARE stmt;
SQL Attack Prevention . (Stored procedures are pre-defined SQL statements that are stored in your database and can be executed by your application. They are like functions or methods in programming languages, but they operate on the database level. You can use stored procedures to perform complex or repetitive tasks, such as inserting, updating, deleting, or querying data. You can also pass parameters to stored procedures, which are variables that hold the values of your application's input fields. However, the use of stored procedures presents several challenges. In many cases, developers fail to fully separate user input from SQL logic within stored procedures, developers fail to fully separate user input from SQL logic within the procedure itself. For example, allowing unsanitized user input directly within a stored procedure can negate the protection provided by the procedure, leaving the application vulnerable to SQL injection. Furthermore, the complexity of stored procedures may discourage developers from using them or lead to improper implementation. This could result in weak security measures or the bypassing of critical preventive steps.
SQL Attack Prevention Despite its importance, many applications fail to implement robust input validation practices. Inadequate or improperly designed input validation can allow harmful inputs to bypass security measures, enabling SQL injection attacks. Furthermore, overly stringent validation may lead to false negatives, rejecting legitimate user input, while lenient validation can result in the acceptance of dangerous input. The complexity of handling diverse input types across various user interaction points, such as web forms, cookies, HTTP headers, and URL parameters, compounds the difficulty of achieving comprehensive and effective input validation. Attackers may exploit SQL injection vulnerabilities to bypass encryption mechanisms, expose encryption keys, or retrieve encrypted data through malicious query manipulation.
SQL Attack Prevention Additionally, poor encryption implementation, such as weak algorithms, improper key management, or insecure storage of decryption keys, can introduce further vulnerabilities. By restricting database access and capabilities, the impact of a SQL injection attack can be minimized, as attackers will be unable to perform actions outside their limited access scope. However, many organizations fail to implement stringent access controls or regularly review and update privilege levels, resulting in over-permissioned accounts. Table 2: Model Comparison Model Accuracy Precision Recall F1=Score CNN+BILSTM 99.55 99.17 99.48 99.32
Thank you for listening Q & A

More Related Content

DOCX
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
PPTX
03. sql and other injection module v17
byEoin Keary
 
PPT
Sql injection
byNikunj Dhameliya
 
PDF
Op2423922398
byIJERA Editor
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PPTX
SQLi for Security Champions
byPetraVukmirovic
 
PPTX
SQL INJECTION
byZiaullah Khan
 
PPTX
SQL Injection: Unraveling the Threats
byInsecureLab
 
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
03. sql and other injection module v17
byEoin Keary
 
Sql injection
byNikunj Dhameliya
 
Op2423922398
byIJERA Editor
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
SQLi for Security Champions
byPetraVukmirovic
 
SQL INJECTION
byZiaullah Khan
 
SQL Injection: Unraveling the Threats
byInsecureLab
 

Similar to research desgn on SQL injection attacks 4th april.

PPTX
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
PDF
Blind sql injection
byKagi Adrian Zinelli
 
PDF
Blind sql injection
byKagi Adrian Zinelli
 
PDF
A METHOD OF DETECTING SQL INJECTION ATTACK TO SECURE WEB APPLICATIONS
bysamueljackson3773
 
PPTX
Sql injection
bySuraj Tiwari
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PPT
Sql security
bySafwan Hashmi
 
PPTX
Sql injection
byMehul Boghra
 
DOC
SalemPhilip_ResearchReport
byPhilip Salem
 
PDF
Detection of Structured Query Language Injection Attacks Using Machine Learni...
byAIRCC Publishing Corporation
 
PPT
Sql injection attacks
byNitish Kumar
 
PDF
SQL Injection
byMagno Logan
 
PPSX
Web application security
bywww.netgains.org
 
PPT
Sql injection attacks
bychaitanya Lotankar
 
PDF
Spi dynamik-sql-inj
bydrkimsky
 
PPT
Sql injection attacks
byKumar
 
PPTX
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
PPTX
SQL Injection Attacks cs586
byStacy Watts
 
PDF
Chapter 14 sql injection
bynewbie2019
 
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
Blind sql injection
byKagi Adrian Zinelli
 
Blind sql injection
byKagi Adrian Zinelli
 
A METHOD OF DETECTING SQL INJECTION ATTACK TO SECURE WEB APPLICATIONS
bysamueljackson3773
 
Sql injection
bySuraj Tiwari
 
SQLSecurity.ppt
byLokeshK66
 
SQLSecurity.ppt
byCNSHacking
 
Sql security
bySafwan Hashmi
 
Sql injection
byMehul Boghra
 
SalemPhilip_ResearchReport
byPhilip Salem
 
Detection of Structured Query Language Injection Attacks Using Machine Learni...
byAIRCC Publishing Corporation
 
Sql injection attacks
byNitish Kumar
 
SQL Injection
byMagno Logan
 
Web application security
bywww.netgains.org
 
Sql injection attacks
bychaitanya Lotankar
 
Spi dynamik-sql-inj
bydrkimsky
 
Sql injection attacks
byKumar
 
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
SQL Injection Attacks cs586
byStacy Watts
 
Chapter 14 sql injection
bynewbie2019
 

Recently uploaded

PPTX
interstitial nephritis,acute and chronic
bydoniagad
 
PPTX
Neuropsychology Brain basics history of neuro
bymanju108aug
 
PPTX
Psychopathology and mental Disorders.pptx
byMax Annani-Akollor
 
PPTX
All-About-Missiles-----------------.pptx
byOmkarWandhekar
 
PPTX
ALLOSTERIC INHIBITION : ITS CHARACTERISTICS, STRUCTURE AND MECHANISMS
byaubrey02judd
 
PPTX
animal quiz fun activity power point ...
bynattylo3
 
PPSX
Hot Stage Microscopy Application for Research .ppsx
bygyaneshsingh86
 
PDF
Presentacion Cap. 22_d078bd243e36ee08576f0f6412f24754.pdf
byXamaitaTrinidad
 
PDF
12th biology Notes PDF Download 100% Irfanullah Mehar (2).pdf Irfanullah Mehar
byWorld of Wisdom
 
PPTX
CHEM 723: Symmetry and Group Theory
byBenjaminQuarshie6
 
PDF
Cardiovascular Nanomedicines: A Review of Nanoparticle-Mediated Strategies fo...
bykarishmayjm
 
PPTX
NORMAL MICROBIOTA / HUMAN NORMAL FLORA / NORMAL MICROFLORA
byBIOSPHERE OF KNOWLEDGE
 
PPTX
PRE NATAL GROWTH OF MAXILLA in orthodontics.pptx
byharanip03
 
PPT
Lesson_Presentation_Adding_and_Subtracting_Polynomials (1).ppt
byengabdelaziz1993
 
PPTX
Sci-Tech Filler - Quiz for Coeus 2023.pptx
bynvkeerthana2002
 
PPTX
Cell cycle part 2 (Mitosis, Meiosis, Differences, Nondisjuction and Aneuploid...
byRashmiMG2
 
PPTX
Lecture 3_CellStructureFunction_2025.pptx
byAngelMaria66
 
PDF
SS-Geologic Time Scale-EON, ERA,PERIOD,EPOCH
bySandraMaeSubaan1
 
PDF
Star Constollations and Quasars.pdf Files
bycastilloronelparro22
 
PPTX
LAB SAFETY (2LAB SAFETY (2LAB SAFETY (2).pptx
byAmgadHassanein1
 
interstitial nephritis,acute and chronic
bydoniagad
 
Neuropsychology Brain basics history of neuro
bymanju108aug
 
Psychopathology and mental Disorders.pptx
byMax Annani-Akollor
 
All-About-Missiles-----------------.pptx
byOmkarWandhekar
 
ALLOSTERIC INHIBITION : ITS CHARACTERISTICS, STRUCTURE AND MECHANISMS
byaubrey02judd
 
animal quiz fun activity power point ...
bynattylo3
 
Hot Stage Microscopy Application for Research .ppsx
bygyaneshsingh86
 
Presentacion Cap. 22_d078bd243e36ee08576f0f6412f24754.pdf
byXamaitaTrinidad
 
12th biology Notes PDF Download 100% Irfanullah Mehar (2).pdf Irfanullah Mehar
byWorld of Wisdom
 
CHEM 723: Symmetry and Group Theory
byBenjaminQuarshie6
 
Cardiovascular Nanomedicines: A Review of Nanoparticle-Mediated Strategies fo...
bykarishmayjm
 
NORMAL MICROBIOTA / HUMAN NORMAL FLORA / NORMAL MICROFLORA
byBIOSPHERE OF KNOWLEDGE
 
PRE NATAL GROWTH OF MAXILLA in orthodontics.pptx
byharanip03
 
Lesson_Presentation_Adding_and_Subtracting_Polynomials (1).ppt
byengabdelaziz1993
 
Sci-Tech Filler - Quiz for Coeus 2023.pptx
bynvkeerthana2002
 
Cell cycle part 2 (Mitosis, Meiosis, Differences, Nondisjuction and Aneuploid...
byRashmiMG2
 
Lecture 3_CellStructureFunction_2025.pptx
byAngelMaria66
 
SS-Geologic Time Scale-EON, ERA,PERIOD,EPOCH
bySandraMaeSubaan1
 
Star Constollations and Quasars.pdf Files
bycastilloronelparro22
 
LAB SAFETY (2LAB SAFETY (2LAB SAFETY (2).pptx
byAmgadHassanein1
 

research desgn on SQL injection attacks 4th april.

  • 1.
    SQL Attribute value SQLAttribute Value The presence of harmful attribute values within SQL queries poses a serious risk to web application security, especially in the context of SQL Injection (SQLi) attacks  Attackers can exploit these values to inject complex, resource-intensive commands into the database, potentially overwhelming the system and leading to performance degradation, slow responses, or even denial of service.  Eliminating these unnecessary and potentially dangerous attribute values from SQL queries before processing is a proactive measure that strengthens system defences. (Nair, 2024).  The key challenge occurs because of duplicate substrings in the form of SQL attribute values in query strings. (Sun et al. 2023)  It enables optimization and security by preventing unauthorized access, reducing system load, reducing system load, and reducing the chances of exploitation due to malformed or malicious inputs
  • 2.
    SQL Attribute value They are values typically originating from user inputs but not part of the primary syntactic form that introduce variability in the character set of the query.  Due to the sensitivity of LSTM networks to sequence and character diversity, an irregular and too large character space can lead to increased computation requirements and even overfitting on non- contributory unrelated patterns that do not help detect injections.  By sanitizing input and removing elements that do not contribute to the functional structure of the SQL query, developers can significantly reduce the attack surface for SQL injection and related threats.  Table 1 Model Comparison Model Accuracy Precision Recall F1=Score CNN+BILSTM 99.71 99.71 99.71 99.71
  • 3.
    SQL Attribute value AuthorsJournal name Katole, et al. 2018, Detection of SQL injection attacks by removing the parameter values of the SQL que ry Kamaruzman et al 2021. Fixed Attribute Value Removal Method and Anomaly-Based Profiled Method, An SQ Li Detection Effectiveness Study McWhirter et al, 2018 SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel
  • 4.
    SQL Attack Prevention SQLinjection attacks remain one of the most pervasive and damaging threats to the security and integrity of web applications and databases. thereby preventing the manipulation of SQL queries by malicious input. Prepared statements are widely regarded as one of the most effective methods for mitigating SQL injection attacks. By separating SQL query structures from user input, prepared statements ensure that user data is treated strictly as data and not executable code, thereby preventing the manipulation of SQL queries by malicious input. ) . This means that user input is bound to placeholders in the SQL statement, and the database knows that these placeholders are not part of the actual query. many developers do not implement prepared statements across all parts of an application, which leaves gaps in the security of the application.
  • 5.
    SQL Attack Prevention Furthermore,developers who are unfamiliar with how to implement prepared statements correctly or who overlook edge cases may inadvertently leave their applications open to exploitation. Inconsistent usage of prepared statements is a common issue; parts of the application may use traditional methods of dynamically building queries, thus exposing those sections to SQL injection vulnerabilities. Therefore, the problem lies not only in promoting the adoption of prepared statements but also in ensuring they are properly and uniformly applied across the entire application, leaving no room for SQL injection attacks to succeed. Using Prepared Statement in MySQL (example) PREPARE stmt FROM 'SELECT * FROM users WHERE username = ? AND password = ?'; SET @username = 'user_input'; SET @password = 'password_input'; EXECUTE stmt USING @username, @password; DEALLOCATE PREPARE stmt;
  • 6.
    SQL Attack Prevention . (Storedprocedures are pre-defined SQL statements that are stored in your database and can be executed by your application. They are like functions or methods in programming languages, but they operate on the database level. You can use stored procedures to perform complex or repetitive tasks, such as inserting, updating, deleting, or querying data. You can also pass parameters to stored procedures, which are variables that hold the values of your application's input fields. However, the use of stored procedures presents several challenges. In many cases, developers fail to fully separate user input from SQL logic within stored procedures, developers fail to fully separate user input from SQL logic within the procedure itself. For example, allowing unsanitized user input directly within a stored procedure can negate the protection provided by the procedure, leaving the application vulnerable to SQL injection. Furthermore, the complexity of stored procedures may discourage developers from using them or lead to improper implementation. This could result in weak security measures or the bypassing of critical preventive steps.
  • 7.
    SQL Attack Prevention Despiteits importance, many applications fail to implement robust input validation practices. Inadequate or improperly designed input validation can allow harmful inputs to bypass security measures, enabling SQL injection attacks. Furthermore, overly stringent validation may lead to false negatives, rejecting legitimate user input, while lenient validation can result in the acceptance of dangerous input. The complexity of handling diverse input types across various user interaction points, such as web forms, cookies, HTTP headers, and URL parameters, compounds the difficulty of achieving comprehensive and effective input validation. Attackers may exploit SQL injection vulnerabilities to bypass encryption mechanisms, expose encryption keys, or retrieve encrypted data through malicious query manipulation.
  • 8.
    SQL Attack Prevention Additionally,poor encryption implementation, such as weak algorithms, improper key management, or insecure storage of decryption keys, can introduce further vulnerabilities. By restricting database access and capabilities, the impact of a SQL injection attack can be minimized, as attackers will be unable to perform actions outside their limited access scope. However, many organizations fail to implement stringent access controls or regularly review and update privilege levels, resulting in over-permissioned accounts. Table 2: Model Comparison Model Accuracy Precision Recall F1=Score CNN+BILSTM 99.55 99.17 99.48 99.32
  • 9.
    Thank you forlistening Q & A