CR
Uploaded byChanchal Rajguru
PPTX, PDF305 views

Sql injection

SQL injection is a code injection technique used to attack data-driven applications by inserting malicious SQL statements into entry fields for execution, allowing attackers to dump database contents. It has been a top web application vulnerability for many years. SQL injection can occur when user inputs are used in SQL queries without validation or encoding. A second order SQL injection involves storing a malicious SQL statement for later execution, bypassing immediate validation. Mitigation techniques include using parameterized statements, input validation, and limiting database permissions.

Engineering
Related topics:
Cyber-Security

Embed presentation

Download to read offline
SQL INJECTION BY : CHANCHAL PARDESHI MSIT/14/005.
WHAT IS SQL INJECTION? • SQL injection is a code injection technique. • Used to attack data-driven applications. • Here malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
WHY IS IT SO IMPORTANT? • In a 2012 study, security company Imperva observed that the average web application received 4 attack campaigns per month, and retailers received twice as many attacks as other industries. • SQL injection (SQLI) is considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the Open Web Application Security Project. • In 2013, SQLI was rated the number one attack on the OWASP top ten.
IMPLEMENTATION • Attacked on Queries that depends on user inputs. • Incorrect type handling • Second order SQL injection
SECOND ORDER SQL INJECTION • Second order SQL injection occurs when submitted values contain malicious commands that are stored rather than executed immediately. • In some cases, the application may correctly encode an SQL statement and store it as valid SQL. • Then, another part of that application without controls to protect against SQL injection might execute that stored SQL statement. This attack requires more knowledge of how submitted values are later used. • Automated web application security scanners would not easily detect this type of SQL injection and may need to be manually instructed where to check for evidence that it is being attempted.
MITIGATION • Parameterized statements • Pattern check • Database permissions
Sql injection

More Related Content

PPTX
SQL Injection Introduction and Prevention
byMohammed Fazuluddin
 
PPTX
How to Take Control of Spreadsheet Risk
byIncisiveSoftware
 
PPT
Mulesoft filters
byvijaykkiran
 
PPTX
Sql injection
byThe Avi Sharma
 
PDF
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
PPTX
SQL INJECTIONS.pptx
byJayeshYadav53
 
PPTX
SQL Injection.jpg.pptx
bydawitTerefe5
 
PPTX
Sql Injection
bypenetration Tester
 
SQL Injection Introduction and Prevention
byMohammed Fazuluddin
 
How to Take Control of Spreadsheet Risk
byIncisiveSoftware
 
Mulesoft filters
byvijaykkiran
 
Sql injection
byThe Avi Sharma
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
SQL INJECTIONS.pptx
byJayeshYadav53
 
SQL Injection.jpg.pptx
bydawitTerefe5
 
Sql Injection
bypenetration Tester
 

Similar to Sql injection

PPTX
Sql injections
byKK004
 
PPTX
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
PPTX
cybersecurity and sql injection for students
byVeenaShree20
 
PPTX
SQL injection implementation and prevention
byRejaul Islam Royel
 
PPTX
Sql injection
byUzair ul Haq Khan
 
PPTX
Sql injection
bySuraj Tiwari
 
PPTX
Sql injection
byZidh
 
PPTX
Sql injection
byManjushree Mashal
 
PPTX
SQL INJECTION
byAnoop T
 
DOCX
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
PPTX
Sql Injection
byAju Thomas
 
PDF
sql injection login bypass sqli-191017162412.pdf
bybankservicehyd
 
PPTX
SQL injection
byRaj Parmar
 
PDF
Sql injection
bySafwan Hashmi
 
PPTX
Whatis SQL Injection.pptx
bySimplilearn
 
PDF
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PDF
What is advanced SQL Injection? Infographic
byJW CyberNerd
 
PPTX
seminar report on Sql injection
byJawhar Ali
 
PDF
Ijcatr04041018
byEditor IJCATR
 
ODT
Sql injection
byAshok Kumar
 
Sql injections
byKK004
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
cybersecurity and sql injection for students
byVeenaShree20
 
SQL injection implementation and prevention
byRejaul Islam Royel
 
Sql injection
byUzair ul Haq Khan
 
Sql injection
bySuraj Tiwari
 
Sql injection
byZidh
 
Sql injection
byManjushree Mashal
 
SQL INJECTION
byAnoop T
 
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
Sql Injection
byAju Thomas
 
sql injection login bypass sqli-191017162412.pdf
bybankservicehyd
 
SQL injection
byRaj Parmar
 
Sql injection
bySafwan Hashmi
 
Whatis SQL Injection.pptx
bySimplilearn
 
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
What is advanced SQL Injection? Infographic
byJW CyberNerd
 
seminar report on Sql injection
byJawhar Ali
 
Ijcatr04041018
byEditor IJCATR
 
Sql injection
byAshok Kumar
 

Recently uploaded

PDF
LS029B3SX06A 2.9 Inch TFT LCD 2K Resolution 2160X2160 For AR VR
bySyluxdisplay
 
PPTX
1.-Static-sensor-characteristics,sensors and actuators ;SDU,denmark.pptx
byMohammadTabish20
 
PPTX
Module 1- foundation of data science IT25201.pptx
byRSUMATHY1
 
PDF
PASSIVE AND ACTIVE REINFORCEMENT LEARNING
byAnushaSanjay
 
PDF
Software Engineering :Software Engineering Practice
byGunjalSanjay
 
PDF
CRYPTOCURRENCY FORENSICS: A COMPREHENSIVE REPORT ON TRACKING ILLICIT DIGITAL ...
byGarima Singh
 
PDF
BO139A454SPI 1.39″ Round AMOLED Display Module, 454×454, SPI & MIPI
bySyluxdisplay
 
PPTX
Embedded_Linux_ARM_Cross_Compilation_Exp.no.3.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
PPTX
22PEOIT4C Unit 3 Session 18 First Order Logic.pptx
byGuru Nanak Technical Institutions
 
PDF
Software Engineering : Process Model
byGunjalSanjay
 
PPTX
An Early Production Facility (EPF) is a modular, temporary system for rapidly...
byDrAdelSalem1
 
PPTX
24ME402-ENGINEERING MATERIALS AND METALLURGY --- UNIT-I
byDJAGADEESH1
 
PPTX
Diagram of Control Valves used in Industrial Fluid Power.pptx
bySBM Polytechnic
 
PPTX
RTOS_Automatic_Room_Light_Controller_ Exp.no.1.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
PDF
Earths-Structure-and-Composition_20260127_110958_0000.pdf
byabdurasabarfaki
 
PDF
Seminar topic on scaffolding and its types.pdf
byMOTOSIFSHAIKH
 
PDF
Fundamentals of AI - Problem Solving Approach.pdf
byVyankateshBhaurkar1
 
PPTX
LLM, RAG & Agents - understand the basics and the concept of building future ...
byYoav Gvili
 
PDF
Software Engineering : Nature of Software
byGunjalSanjay
 
PPTX
Calculation of hardness of Water on Ion Exchange.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
LS029B3SX06A 2.9 Inch TFT LCD 2K Resolution 2160X2160 For AR VR
bySyluxdisplay
 
1.-Static-sensor-characteristics,sensors and actuators ;SDU,denmark.pptx
byMohammadTabish20
 
Module 1- foundation of data science IT25201.pptx
byRSUMATHY1
 
PASSIVE AND ACTIVE REINFORCEMENT LEARNING
byAnushaSanjay
 
Software Engineering :Software Engineering Practice
byGunjalSanjay
 
CRYPTOCURRENCY FORENSICS: A COMPREHENSIVE REPORT ON TRACKING ILLICIT DIGITAL ...
byGarima Singh
 
BO139A454SPI 1.39″ Round AMOLED Display Module, 454×454, SPI & MIPI
bySyluxdisplay
 
Embedded_Linux_ARM_Cross_Compilation_Exp.no.3.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
22PEOIT4C Unit 3 Session 18 First Order Logic.pptx
byGuru Nanak Technical Institutions
 
Software Engineering : Process Model
byGunjalSanjay
 
An Early Production Facility (EPF) is a modular, temporary system for rapidly...
byDrAdelSalem1
 
24ME402-ENGINEERING MATERIALS AND METALLURGY --- UNIT-I
byDJAGADEESH1
 
Diagram of Control Valves used in Industrial Fluid Power.pptx
bySBM Polytechnic
 
RTOS_Automatic_Room_Light_Controller_ Exp.no.1.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
Earths-Structure-and-Composition_20260127_110958_0000.pdf
byabdurasabarfaki
 
Seminar topic on scaffolding and its types.pdf
byMOTOSIFSHAIKH
 
Fundamentals of AI - Problem Solving Approach.pdf
byVyankateshBhaurkar1
 
LLM, RAG & Agents - understand the basics and the concept of building future ...
byYoav Gvili
 
Software Engineering : Nature of Software
byGunjalSanjay
 
Calculation of hardness of Water on Ion Exchange.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 

Sql injection

  • 1.
    SQL INJECTION BY :CHANCHAL PARDESHI MSIT/14/005.
  • 2.
    WHAT IS SQLINJECTION? • SQL injection is a code injection technique. • Used to attack data-driven applications. • Here malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
  • 3.
    WHY IS ITSO IMPORTANT? • In a 2012 study, security company Imperva observed that the average web application received 4 attack campaigns per month, and retailers received twice as many attacks as other industries. • SQL injection (SQLI) is considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the Open Web Application Security Project. • In 2013, SQLI was rated the number one attack on the OWASP top ten.
  • 4.
    IMPLEMENTATION • Attacked onQueries that depends on user inputs. • Incorrect type handling • Second order SQL injection
  • 5.
    SECOND ORDER SQLINJECTION • Second order SQL injection occurs when submitted values contain malicious commands that are stored rather than executed immediately. • In some cases, the application may correctly encode an SQL statement and store it as valid SQL. • Then, another part of that application without controls to protect against SQL injection might execute that stored SQL statement. This attack requires more knowledge of how submitted values are later used. • Automated web application security scanners would not easily detect this type of SQL injection and may need to be manually instructed where to check for evidence that it is being attempted.
  • 6.
    MITIGATION • Parameterized statements •Pattern check • Database permissions