Asish Kumar Rath, profile picture
Uploaded byAsish Kumar Rath
PPTX, PDF1,232 views

SQL Injection

The document discusses SQL injection, a security exploit that allows attackers to manipulate and retrieve data from a web application's backend database through malformed SQL statements. It outlines various types of SQL injection techniques, including SQL manipulation, code injection, and buffer overflow, along with their operation methods. Additionally, it addresses countermeasures to prevent such attacks, emphasizing the importance of minimizing database privileges and implementing input validation and error handling.

Embed presentation

Downloaded 54 times
Asish Ku. Rath Sr. Software Developer
 Introduction  Types of SQL INJECTION  Steps for performing SQL INJECTION  How it Works  Countermeasures  Conclusion  References
 SQL Injection is a type of Security Exploit in which the attacker injects SQL statements to gain access to restricted resources and make changes.  TARGET: Web Application with backend database  Uses client supplied SQL queries to get unauthorized access to database.
 SQL Manipulation  Code Injection  Function Call Injection  Buffer Over Flow
 It means to manipulate and retrieve data in a relational database.  SQL Manipulation comprises the SQL-Data change statements, which modify the stored data but not the schema or database objects.
 Code injection is the exploitation of computer application that is caused by processing invalid data.  It is always used malevolently which means it is always used in an evil way to destroy a database by exploiting the other codes.
 It is one of the most common type of injection technique where functions are used for injection.  When a function call a parameter then the attacker passes a different parameter to the function resulting something different than expected.
 It also one of the common technique used for injection at the users input side.  It is a mechanism of injection by input of data exceeding the limits of the fields of the user input resulting an error message using which the SQL codes are injected.
 Input field to submit data (e.g. a login page)
 Check for server pages if input field is absent e.g. http://www.xsecurity.com/index.jsp?id=10  In the above example attack will be like this: e.g. http://www.xsecurity.com/index.jsp?id=debu’ or 1=1 –  Look for errors: This can be done using single quotation mark (‘). E.g.
Using single quote in the input •sujit’ or 1=1 -- •login: shweta’ or 1=1 -- •http://search/index.asp?id=sql’ or 1=1 -- Depending on the error: • ‘ or 1=1 -- • “ or 1=1 -- •‘ or ‘a’ = ‘a • “ or “a” = “a •‘) or (‘a’ = ‘a)
 Minimize the Privilege of Database Connection  Disable Verbose Error Message  Protect the system account “SA”  Audit Source Code: Escape Single Quotes Input Validation Reject Known Bad Input Input Bound Checking All user inputs should be filtered
SQLBlock
Now a days SQL injection is one of the biggest nightmare among Database administrators. Though we have a lot of way for its prevention but still today’s most website suffer from this attack.
 http://hack.er.org/sqlinjection  http://hackercentre.com/sqlinjectioncheetsh eet
22

More Related Content

PDF
Advanced SQL injection to operating system full control (whitepaper)
byBernardo Damele A. G.
 
PPTX
Ppt on sql injection
byashish20012
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PDF
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
PPTX
Sql Injection attacks and prevention
byhelloanand
 
PPT
SQL Injection
byAdhoura Academy
 
PPTX
Whatis SQL Injection.pptx
bySimplilearn
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
Advanced SQL injection to operating system full control (whitepaper)
byBernardo Damele A. G.
 
Ppt on sql injection
byashish20012
 
Sql injections - with example
byPrateek Chauhan
 
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
Sql Injection attacks and prevention
byhelloanand
 
SQL Injection
byAdhoura Academy
 
Whatis SQL Injection.pptx
bySimplilearn
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 

What's hot

PPTX
Sql injection
byZidh
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PPTX
SQL Injections (Part 1)
byn|u - The Open Security Community
 
PPTX
SQL injection prevention techniques
bySongchaiDuangpan
 
PPTX
SQL Injection
bySayed Ahmad Naweed
 
PPT
Sql injection attack
byRajKumar Rampelli
 
PPTX
SQL INJECTION
byMentorcs
 
PDF
Sql injection with sqlmap
byHerman Duarte
 
PDF
How to identify and prevent SQL injection
byEguardian Global Services
 
PDF
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
PPT
Sql injection
byNitish Kumar
 
PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
PPTX
seminar report on Sql injection
byJawhar Ali
 
PPTX
Sql injection
byMehul Boghra
 
PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPTX
Cross Site Scripting: Prevention and Detection(XSS)
byAman Singh
 
PPT
Sql injection
byNikunj Dhameliya
 
PDF
Introduction to Cross Site Scripting ( XSS )
byIrfad Imtiaz
 
PPTX
Sql injection
byHemendra Kumar
 
PPT
Sql injection
byPallavi Biswas
 
Sql injection
byZidh
 
Sql injection - security testing
byNapendra Singh
 
SQL Injections (Part 1)
byn|u - The Open Security Community
 
SQL injection prevention techniques
bySongchaiDuangpan
 
SQL Injection
bySayed Ahmad Naweed
 
Sql injection attack
byRajKumar Rampelli
 
SQL INJECTION
byMentorcs
 
Sql injection with sqlmap
byHerman Duarte
 
How to identify and prevent SQL injection
byEguardian Global Services
 
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
Sql injection
byNitish Kumar
 
Sql injection in cybersecurity
bySanad Bhowmik
 
seminar report on Sql injection
byJawhar Ali
 
Sql injection
byMehul Boghra
 
A Brief Introduction in SQL Injection
bySina Manavi
 
Cross Site Scripting: Prevention and Detection(XSS)
byAman Singh
 
Sql injection
byNikunj Dhameliya
 
Introduction to Cross Site Scripting ( XSS )
byIrfad Imtiaz
 
Sql injection
byHemendra Kumar
 
Sql injection
byPallavi Biswas
 

Viewers also liked

PDF
An Anatomy of a SQL Injection Attack
byImperva
 
PDF
Web Application Security 101 - 14 Data Validation
byWebsecurify
 
PDF
Cryptoghaphy
byanita bodke
 
PDF
Defcon 17-joseph mccray-adv-sql_injection
byAhmed AbdelSatar
 
PDF
SQL Injection - The Unknown Story
byImperva
 
PPTX
Web Security: SQL Injection
byVortana Say
 
PPT
Advanced SQL Injection
byamiable_indian
 
PPT
D:\Technical\Ppt\Sql Injection
byavishkarm
 
PPTX
SQL Injection in action with PHP and MySQL
byPradeep Kumar
 
DOCX
Types of sql injection attacks
byRespa Peter
 
PDF
SQL injection: Not only AND 1=1
byBernardo Damele A. G.
 
PPT
Advanced Sql Injection ENG
byDmitry Evteev
 
PPS
PHP Security
bymanugoel2003
 
PDF
freeCodeCamp Tokyo meetup 19
by健太 田上
 
PDF
Mgea 3-edicion-web1
byEduardo Rom
 
PPT
introaspnet-3030384.ppt
byIQM123
 
PDF
February 2015 UK Commercial Bulletin
byHML Ltd
 
PDF
China Social Media Recruiting & Talent Management Summit 2012 - opening r...
bydomthecalm
 
PPTX
GUIDE TO E-LEARNING DESIGN FOR NON-DESIGNERS
byChema Lozano Guillermo
 
PPTX
EN3604 Week 2: The West's Awake: Language and Location
byClaire Lynch
 
An Anatomy of a SQL Injection Attack
byImperva
 
Web Application Security 101 - 14 Data Validation
byWebsecurify
 
Cryptoghaphy
byanita bodke
 
Defcon 17-joseph mccray-adv-sql_injection
byAhmed AbdelSatar
 
SQL Injection - The Unknown Story
byImperva
 
Web Security: SQL Injection
byVortana Say
 
Advanced SQL Injection
byamiable_indian
 
D:\Technical\Ppt\Sql Injection
byavishkarm
 
SQL Injection in action with PHP and MySQL
byPradeep Kumar
 
Types of sql injection attacks
byRespa Peter
 
SQL injection: Not only AND 1=1
byBernardo Damele A. G.
 
Advanced Sql Injection ENG
byDmitry Evteev
 
PHP Security
bymanugoel2003
 
freeCodeCamp Tokyo meetup 19
by健太 田上
 
Mgea 3-edicion-web1
byEduardo Rom
 
introaspnet-3030384.ppt
byIQM123
 
February 2015 UK Commercial Bulletin
byHML Ltd
 
China Social Media Recruiting & Talent Management Summit 2012 - opening r...
bydomthecalm
 
GUIDE TO E-LEARNING DESIGN FOR NON-DESIGNERS
byChema Lozano Guillermo
 
EN3604 Week 2: The West's Awake: Language and Location
byClaire Lynch
 

Similar to SQL Injection

PPTX
Sql Injection
bypenetration Tester
 
PPTX
SQL injection implementation and prevention
byRejaul Islam Royel
 
PPTX
SQL INJECTION
byAnoop T
 
PPTX
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
PPTX
Sql injection
byUzair ul Haq Khan
 
PPTX
Code injection
byGayatri Patel
 
PPT
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
PDF
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
PPSX
Web application security
bywww.netgains.org
 
PPTX
Sql injection
byManjushree Mashal
 
PPTX
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
PDF
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
PPTX
Code injection and green sql
byKaustav Sengupta
 
PPTX
Greensql2007
byKaustav Sengupta
 
PPTX
Sql injection
byThe Avi Sharma
 
PDF
Protect Your Database_ SQL Injection Attack Prevention.pdf
bySachin FromDev
 
PPTX
Sql injection
byNuruzzaman Milon
 
PDF
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PDF
Sql injection
bySafwan Hashmi
 
DOCX
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
Sql Injection
bypenetration Tester
 
SQL injection implementation and prevention
byRejaul Islam Royel
 
SQL INJECTION
byAnoop T
 
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
Sql injection
byUzair ul Haq Khan
 
Code injection
byGayatri Patel
 
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
Web application security
bywww.netgains.org
 
Sql injection
byManjushree Mashal
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
Code injection and green sql
byKaustav Sengupta
 
Greensql2007
byKaustav Sengupta
 
Sql injection
byThe Avi Sharma
 
Protect Your Database_ SQL Injection Attack Prevention.pdf
bySachin FromDev
 
Sql injection
byNuruzzaman Milon
 
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
Sql injection
bySafwan Hashmi
 
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 

Recently uploaded

PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 

SQL Injection

  • 1.
    Asish Ku. Rath Sr.Software Developer
  • 2.
     Introduction  Typesof SQL INJECTION  Steps for performing SQL INJECTION  How it Works  Countermeasures  Conclusion  References
  • 4.
     SQL Injectionis a type of Security Exploit in which the attacker injects SQL statements to gain access to restricted resources and make changes.  TARGET: Web Application with backend database  Uses client supplied SQL queries to get unauthorized access to database.
  • 5.
     SQL Manipulation Code Injection  Function Call Injection  Buffer Over Flow
  • 6.
     It meansto manipulate and retrieve data in a relational database.  SQL Manipulation comprises the SQL-Data change statements, which modify the stored data but not the schema or database objects.
  • 7.
     Code injectionis the exploitation of computer application that is caused by processing invalid data.  It is always used malevolently which means it is always used in an evil way to destroy a database by exploiting the other codes.
  • 8.
     It isone of the most common type of injection technique where functions are used for injection.  When a function call a parameter then the attacker passes a different parameter to the function resulting something different than expected.
  • 9.
     It alsoone of the common technique used for injection at the users input side.  It is a mechanism of injection by input of data exceeding the limits of the fields of the user input resulting an error message using which the SQL codes are injected.
  • 10.
     Input fieldto submit data (e.g. a login page)
  • 11.
     Check forserver pages if input field is absent e.g. http://www.xsecurity.com/index.jsp?id=10  In the above example attack will be like this: e.g. http://www.xsecurity.com/index.jsp?id=debu’ or 1=1 –  Look for errors: This can be done using single quotation mark (‘). E.g.
  • 12.
    Using single quotein the input •sujit’ or 1=1 -- •login: shweta’ or 1=1 -- •http://search/index.asp?id=sql’ or 1=1 -- Depending on the error: • ‘ or 1=1 -- • “ or 1=1 -- •‘ or ‘a’ = ‘a • “ or “a” = “a •‘) or (‘a’ = ‘a)
  • 16.
     Minimize thePrivilege of Database Connection  Disable Verbose Error Message  Protect the system account “SA”  Audit Source Code: Escape Single Quotes Input Validation Reject Known Bad Input Input Bound Checking All user inputs should be filtered
  • 17.
  • 20.
    Now a daysSQL injection is one of the biggest nightmare among Database administrators. Though we have a lot of way for its prevention but still today’s most website suffer from this attack.
  • 21.
  • 22.