SlideShare a Scribd company logo

Sql injection

Tech Bikram
Tech Bikram

.

Education
1 of 10
SQL INJECTION Bikra m Kuma r CNS - 3350704
 SQL injection is one of the most common attacks against web applications.  This is used against websites which use SQL to query data from the database server.  A successful SQL injection attack can read sensitive data including email, username, password, and credit card details from your database.  An attacker can not only read, but also modify or delete the data from the database. So, SQL injection can be very harmful.
There are various kinds of SQL injection which are defined based on scope, these are :-  Classic SQL injection  Blind SQL injection  Database specific SQL injection  Compound SQLI
 SQL injection vulnerability exists because developers do not care about data validation and security. User’s input must be sanitized before passing into SQL queries, but developers forget to do this or do not properly sanitize. This makes the web application vulnerable to SQL injection attack.  To make the SQL injection attack process easy, developers have also developed SQL injection tools by creating a good detection engine. With every new release, these tools are becoming smarter. These tools take the vulnerable URL as a parameter and then start attacking the target.
1. SQLMap - Automatic SQL Injection And Database Takeover Tool 2. jSQL Injection - Java Tool For Automatic SQL Database Injection 3. BBQSQL - A Blind SQL Injection Exploitation Tool 4. NoSQLMap - Automated NoSQL Database Pwnage 5. Whitewidow - SQL Vulnerability Scanner 6. DSSS - Damn Small SQLi Scanner 7. explo - Human And Machine Readable Web Vulnerability Testing Format 8. Blind-Sql-Bitshifting - Blind SQL Injection via Bitshifting LIST OF THE BEST SQL INJECTION TOOLS
 SQLMap is the open source SQL injection tool and most popular among all SQL injection tools available. This tool makes it easy to exploit the SQL injection vulnerability of a web application and take over the database server. It comes with a powerful detection engine which can easily detect most of the SQL injection related vulnerabilities.  It supports a wide range of database servers, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB. Most of the popular database servers are already included. It also supports various kind of SQL injection attacks, including boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. S Q L M A P
 One good feature of the tool is that it comes with a built-in password hash recognition system. It helps in identifying the password hash and then cracking the password by performing a dictionary attack.  After connecting to a database server, this tool also lets you search for specific database name, specific tables or for specific columns in the whole database server.
A successful SQL injection attack can read sensitive server data like passwords, email, username, etc. SQL injection can be very harmful.
Respect the privacy of others. Think before you type. With great power comes great responsibility.
THANK YOU…

Recommended

Sql injection
Sql injectionSql injection
Sql injectionSasha-Leigh Garret
 
Op2423922398
Op2423922398Op2423922398
Op2423922398IJERA Editor
 
Sql
SqlSql
SqlIJASCSE
 
SQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionSQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionBert Wagner
 
SQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionSQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionGabriel Villa
 
Devoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection AttackDevoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection AttackIJRESJOURNAL
 
Sql security
Sql securitySql security
Sql securitySaHil Chaturvedi
 
Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Ravindra Singh Rathore
 

Recommended

Sql injection
Sql injectionSql injection
Sql injectionSasha-Leigh Garret
 
Op2423922398
Op2423922398Op2423922398
Op2423922398IJERA Editor
 
Sql
SqlSql
SqlIJASCSE
 
SQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionSQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionBert Wagner
 
SQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionSQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionGabriel Villa
 
Devoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection AttackDevoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection AttackIJRESJOURNAL
 
Sql security
Sql securitySql security
Sql securitySaHil Chaturvedi
 
Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Ravindra Singh Rathore
 
Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabaseIOSR Journals
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET Journal
 
Class Project: Security in Microsoft Azure
Class Project: Security in Microsoft AzureClass Project: Security in Microsoft Azure
Class Project: Security in Microsoft Azuresaitoserge
 
Owasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaOwasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaSecurity Date
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET Journal
 
Detect sqli attacks in web apps using nvs
Detect sqli attacks in web apps using nvsDetect sqli attacks in web apps using nvs
Detect sqli attacks in web apps using nvsijcseit
 
Securing you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTTSecuring you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTTGabriel Villa
 
SQL injection
SQL injectionSQL injection
SQL injectionAkash Panchal
 
Security Testing - A complete Guide
Security Testing - A complete GuideSecurity Testing - A complete Guide
Security Testing - A complete GuideBugRaptors
 
Red Gate SQL Monitor - Business Benefits
Red Gate SQL Monitor - Business BenefitsRed Gate SQL Monitor - Business Benefits
Red Gate SQL Monitor - Business BenefitsRed Gate Software
 
Agile Software Security
Agile Software SecurityAgile Software Security
Agile Software SecurityFuturice
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...WebStackAcademy
 
Evaluation of Web Application Vulnerability Scanners
Evaluation of Web Application Vulnerability ScannersEvaluation of Web Application Vulnerability Scanners
Evaluation of Web Application Vulnerability Scannersyuliana_mar
 
IglooConf 2019 Secure your Azure applications like a pro
IglooConf 2019 Secure your Azure applications like a proIglooConf 2019 Secure your Azure applications like a pro
IglooConf 2019 Secure your Azure applications like a proKarl Ots
 
Anypoint connector dev kit
Anypoint connector dev kitAnypoint connector dev kit
Anypoint connector dev kitD.Rajesh Kumar
 
Web Security
Web SecurityWeb Security
Web SecurityRita Mehra
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaasD.Rajesh Kumar
 
Top 12 Advantages of Laravel Framework
Top 12 Advantages of Laravel FrameworkTop 12 Advantages of Laravel Framework
Top 12 Advantages of Laravel FrameworkTechtic Solutions
 
Sql injections
Sql injectionsSql injections
Sql injectionsKK004
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseNoaman Aziz
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET Journal
 

More Related Content

What's hot

Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabaseIOSR Journals
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET Journal
 
Class Project: Security in Microsoft Azure
Class Project: Security in Microsoft AzureClass Project: Security in Microsoft Azure
Class Project: Security in Microsoft Azuresaitoserge
 
Owasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaOwasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaSecurity Date
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET Journal
 
Detect sqli attacks in web apps using nvs
Detect sqli attacks in web apps using nvsDetect sqli attacks in web apps using nvs
Detect sqli attacks in web apps using nvsijcseit
 
Securing you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTTSecuring you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTTGabriel Villa
 
Security Testing - A complete Guide
Security Testing - A complete GuideSecurity Testing - A complete Guide
Security Testing - A complete GuideBugRaptors
 
Red Gate SQL Monitor - Business Benefits
Red Gate SQL Monitor - Business BenefitsRed Gate SQL Monitor - Business Benefits
Red Gate SQL Monitor - Business BenefitsRed Gate Software
 
Agile Software Security
Agile Software SecurityAgile Software Security
Agile Software SecurityFuturice
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...WebStackAcademy
 
Evaluation of Web Application Vulnerability Scanners
Evaluation of Web Application Vulnerability ScannersEvaluation of Web Application Vulnerability Scanners
Evaluation of Web Application Vulnerability Scannersyuliana_mar
 
IglooConf 2019 Secure your Azure applications like a pro
IglooConf 2019 Secure your Azure applications like a proIglooConf 2019 Secure your Azure applications like a pro
IglooConf 2019 Secure your Azure applications like a proKarl Ots
 
Anypoint connector dev kit
Anypoint connector dev kitAnypoint connector dev kit
Anypoint connector dev kitD.Rajesh Kumar
 
Top 12 Advantages of Laravel Framework
Top 12 Advantages of Laravel FrameworkTop 12 Advantages of Laravel Framework
Top 12 Advantages of Laravel FrameworkTechtic Solutions
 

What's hot (19)

Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML Database
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
 
Class Project: Security in Microsoft Azure
Class Project: Security in Microsoft AzureClass Project: Security in Microsoft Azure
Class Project: Security in Microsoft Azure
 
Owasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaOwasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0beta
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecurity
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
 
Detect sqli attacks in web apps using nvs
Detect sqli attacks in web apps using nvsDetect sqli attacks in web apps using nvs
Detect sqli attacks in web apps using nvs
 
Securing you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTTSecuring you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTT
 
SQL injection
SQL injectionSQL injection
SQL injection
 
Security Testing - A complete Guide
Security Testing - A complete GuideSecurity Testing - A complete Guide
Security Testing - A complete Guide
 
Red Gate SQL Monitor - Business Benefits
Red Gate SQL Monitor - Business BenefitsRed Gate SQL Monitor - Business Benefits
Red Gate SQL Monitor - Business Benefits
 
Agile Software Security
Agile Software SecurityAgile Software Security
Agile Software Security
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
 
Evaluation of Web Application Vulnerability Scanners
Evaluation of Web Application Vulnerability ScannersEvaluation of Web Application Vulnerability Scanners
Evaluation of Web Application Vulnerability Scanners
 
IglooConf 2019 Secure your Azure applications like a pro
IglooConf 2019 Secure your Azure applications like a proIglooConf 2019 Secure your Azure applications like a pro
IglooConf 2019 Secure your Azure applications like a pro
 
Anypoint connector dev kit
Anypoint connector dev kitAnypoint connector dev kit
Anypoint connector dev kit
 
Web Security
Web SecurityWeb Security
Web Security
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaas
 
Top 12 Advantages of Laravel Framework
Top 12 Advantages of Laravel FrameworkTop 12 Advantages of Laravel Framework
Top 12 Advantages of Laravel Framework
 

Similar to Sql injection

Sql injections
Sql injectionsSql injections
Sql injectionsKK004
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseNoaman Aziz
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET Journal
 
Web security
Web securityWeb security
Web securitydogangcr
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptxSimplilearn
 
SQL Injection.jpg.pptx
SQL Injection.jpg.pptxSQL Injection.jpg.pptx
SQL Injection.jpg.pptxdawitTerefe5
 
csf_ppt.pptx
csf_ppt.pptxcsf_ppt.pptx
csf_ppt.pptx0567Padma
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Yuji Kosuga
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET Journal
 
SQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsSQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsInsecureLab
 
Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7Gargee Hiray
 

Similar to Sql injection (20)

Sql injections
Sql injectionsSql injections
Sql injections
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackrose
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
 
Web security
Web securityWeb security
Web security
 
eti.pptx
eti.pptxeti.pptx
eti.pptx
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptx
 
Sql injection
Sql injectionSql injection
Sql injection
 
Database security issues
Database security issuesDatabase security issues
Database security issues
 
SQL injection
SQL injectionSQL injection
SQL injection
 
SQL Injection.jpg.pptx
SQL Injection.jpg.pptxSQL Injection.jpg.pptx
SQL Injection.jpg.pptx
 
Sql Injection
Sql InjectionSql Injection
Sql Injection
 
csf_ppt.pptx
csf_ppt.pptxcsf_ppt.pptx
csf_ppt.pptx
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
 
SQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptxSQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptx
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
 
SQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsSQL Injection: Unraveling the Threats
SQL Injection: Unraveling the Threats
 
Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7
 

More from Tech Bikram

Internet of Things (IoT).pptx
Internet of Things (IoT).pptxInternet of Things (IoT).pptx
Internet of Things (IoT).pptxTech Bikram
 
Exploring the World of IoT.pptx
Exploring the World of IoT.pptxExploring the World of IoT.pptx
Exploring the World of IoT.pptxTech Bikram
 
Troubleshooting and maintenance
Troubleshooting and maintenanceTroubleshooting and maintenance
Troubleshooting and maintenanceTech Bikram
 
Classification of computers
Classification of computersClassification of computers
Classification of computersTech Bikram
 
Cdsl c nad-training_module
Cdsl c nad-training_moduleCdsl c nad-training_module
Cdsl c nad-training_moduleTech Bikram
 
Windows 7 installation step by step
Windows 7 installation step by stepWindows 7 installation step by step
Windows 7 installation step by stepTech Bikram
 
How to work with code blocks
How to work with code blocksHow to work with code blocks
How to work with code blocksTech Bikram
 
Virus prevention
Virus preventionVirus prevention
Virus preventionTech Bikram
 

More from Tech Bikram (11)

Internet of Things (IoT).pptx
Internet of Things (IoT).pptxInternet of Things (IoT).pptx
Internet of Things (IoT).pptx
 
Exploring the World of IoT.pptx
Exploring the World of IoT.pptxExploring the World of IoT.pptx
Exploring the World of IoT.pptx
 
Computer mouse
Computer mouseComputer mouse
Computer mouse
 
Troubleshooting and maintenance
Troubleshooting and maintenanceTroubleshooting and maintenance
Troubleshooting and maintenance
 
Classification of computers
Classification of computersClassification of computers
Classification of computers
 
Firewall
FirewallFirewall
Firewall
 
Cdsl c nad-training_module
Cdsl c nad-training_moduleCdsl c nad-training_module
Cdsl c nad-training_module
 
Windows 7 installation step by step
Windows 7 installation step by stepWindows 7 installation step by step
Windows 7 installation step by step
 
How to work with code blocks
How to work with code blocksHow to work with code blocks
How to work with code blocks
 
Virus prevention
Virus preventionVirus prevention
Virus prevention
 
Channel price
Channel priceChannel price
Channel price
 

Recently uploaded

Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 

Recently uploaded (20)

Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 

Sql injection

  • 1. SQL INJECTION Bikra m Kuma r CNS - 3350704
  • 2.  SQL injection is one of the most common attacks against web applications.  This is used against websites which use SQL to query data from the database server.  A successful SQL injection attack can read sensitive data including email, username, password, and credit card details from your database.  An attacker can not only read, but also modify or delete the data from the database. So, SQL injection can be very harmful.
  • 3. There are various kinds of SQL injection which are defined based on scope, these are :-  Classic SQL injection  Blind SQL injection  Database specific SQL injection  Compound SQLI
  • 4.  SQL injection vulnerability exists because developers do not care about data validation and security. User’s input must be sanitized before passing into SQL queries, but developers forget to do this or do not properly sanitize. This makes the web application vulnerable to SQL injection attack.  To make the SQL injection attack process easy, developers have also developed SQL injection tools by creating a good detection engine. With every new release, these tools are becoming smarter. These tools take the vulnerable URL as a parameter and then start attacking the target.
  • 5. 1. SQLMap - Automatic SQL Injection And Database Takeover Tool 2. jSQL Injection - Java Tool For Automatic SQL Database Injection 3. BBQSQL - A Blind SQL Injection Exploitation Tool 4. NoSQLMap - Automated NoSQL Database Pwnage 5. Whitewidow - SQL Vulnerability Scanner 6. DSSS - Damn Small SQLi Scanner 7. explo - Human And Machine Readable Web Vulnerability Testing Format 8. Blind-Sql-Bitshifting - Blind SQL Injection via Bitshifting LIST OF THE BEST SQL INJECTION TOOLS
  • 6.  SQLMap is the open source SQL injection tool and most popular among all SQL injection tools available. This tool makes it easy to exploit the SQL injection vulnerability of a web application and take over the database server. It comes with a powerful detection engine which can easily detect most of the SQL injection related vulnerabilities.  It supports a wide range of database servers, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB. Most of the popular database servers are already included. It also supports various kind of SQL injection attacks, including boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. S Q L M A P
  • 7.  One good feature of the tool is that it comes with a built-in password hash recognition system. It helps in identifying the password hash and then cracking the password by performing a dictionary attack.  After connecting to a database server, this tool also lets you search for specific database name, specific tables or for specific columns in the whole database server.
  • 8. A successful SQL injection attack can read sensitive server data like passwords, email, username, etc. SQL injection can be very harmful.
  • 9. Respect the privacy of others. Think before you type. With great power comes great responsibility.