Sayed Ahmad Naweed, profile picture
Uploaded bySayed Ahmad Naweed
PPTX, PDF437 views

SQL Injection

According to a 2015 study, 86% of over 30,000 websites tested had at least one serious vulnerability. Of the vulnerabilities found, 61% were resolved within 193 days. SQL injection is a type of attack where an attacker tries to alter SQL statements by inserting new SQL keywords or operators. Examples provided demonstrate how an attacker can use SQL injection to drop all databases or return all records. Prevention techniques like escaping characters and using prepared statements can help protect against SQL injection attacks.

Embed presentation

Downloaded 12 times
Sayed Ahmad Naweed
of 30,000 websites tested by WhiteHat Sentinel had at least one serious vulnerability. 86% Source: https://www.whitehatsec.com/statistics-report/featured/2015/05/21/statsreport.html
of these vulnerabilities were resolved. 61% Source: https://www.whitehatsec.com/statistics-report/featured/2015/05/21/statsreport.html
193 Days
From a single injection we accessed EVERYTHING Why do you put such faith in a company that allows itself to become open to these simple attacks? “ ” “ ” LulzSec Source: http://www.theguardian.com/technology/2012/aug/29/lulzsec-hacker-arrest-sony-attack
SQL is used to communicate with a relational database. SQL
When an attacker attempts to change the logic, semantics or syntax of a legitimate SQL statement by inserting new SQL keywords or operators into the statement. Source: Halfond, William GJ, and Alessandro Orso. "AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks." Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering. ACM, 2005. SQL Injection
SQL
Example #1
SELECT * FROM USERS WHERE Username = “sayed”
SELECT * FROM USERS WHERE Username = “sayed”“
SELECT * FROM USERS WHERE Username = “sayed”; Drop All DATABASES ;DROP ALL DATABASES;
Example #2
OR ‘1’ = ‘1’ SELECT * FROM USERS WHERE username = “sayed” AND Password =“1234” or ‘1’ = ‘1’
Live Demo http://sqlzoo.net/hack/
Prevention Techniques
Scape Characters mysql_real_escape_string(Query) Prepared Stetement SELECT * FROM USERS WHERE username = ?
Conclusion • Your vulnerable if you do not use prepared statement. • Don’t forget As hacks go, there are worst ones!
any question …

More Related Content

PPTX
SQL Injection
byAsish Kumar Rath
 
PDF
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
PPTX
Sql injection
byZidh
 
PPTX
SQL Injections (Part 1)
byn|u - The Open Security Community
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PDF
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
byEdureka!
 
PPT
SQL Injection
byAdhoura Academy
 
SQL Injection
byAsish Kumar Rath
 
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
Sql injection
byZidh
 
SQL Injections (Part 1)
byn|u - The Open Security Community
 
Sql injections - with example
byPrateek Chauhan
 
Sql injection - security testing
byNapendra Singh
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
byEdureka!
 
SQL Injection
byAdhoura Academy
 

What's hot

PDF
Sql injection with sqlmap
byHerman Duarte
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
PPTX
SQL INJECTION
byMentorcs
 
PPT
Sql injection attack
byRajKumar Rampelli
 
PPT
Sql injection
byNitish Kumar
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
PPTX
SQL injection
byRaj Parmar
 
PPT
Sql injection
byNikunj Dhameliya
 
PPT
Sql injection
byPallavi Biswas
 
PPTX
SQL injection prevention techniques
bySongchaiDuangpan
 
PDF
SQL Injection: complete walkthrough (not only) for PHP developers
byKrzysztof Kotowicz
 
PDF
Cross site scripting
byn|u - The Open Security Community
 
PPTX
Sql Injection attacks and prevention
byhelloanand
 
PDF
How to identify and prevent SQL injection
byEguardian Global Services
 
PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
PPTX
Ppt on sql injection
byashish20012
 
PPT
Secure code practices
byHina Rawal
 
PPT
Application Security
byReggie Niccolo Santos
 
PDF
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
PDF
SQL injection: Not Only AND 1=1 (updated)
byBernardo Damele A. G.
 
Sql injection with sqlmap
byHerman Duarte
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
SQL INJECTION
byMentorcs
 
Sql injection attack
byRajKumar Rampelli
 
Sql injection
byNitish Kumar
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
SQL injection
byRaj Parmar
 
Sql injection
byNikunj Dhameliya
 
Sql injection
byPallavi Biswas
 
SQL injection prevention techniques
bySongchaiDuangpan
 
SQL Injection: complete walkthrough (not only) for PHP developers
byKrzysztof Kotowicz
 
Cross site scripting
byn|u - The Open Security Community
 
Sql Injection attacks and prevention
byhelloanand
 
How to identify and prevent SQL injection
byEguardian Global Services
 
Sql injection in cybersecurity
bySanad Bhowmik
 
Ppt on sql injection
byashish20012
 
Secure code practices
byHina Rawal
 
Application Security
byReggie Niccolo Santos
 
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
SQL injection: Not Only AND 1=1 (updated)
byBernardo Damele A. G.
 

Similar to SQL Injection

PPTX
Cyber crime an eye opener 144 te 2 t-7
byGargee Hiray
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PPTX
SQL INJECTION
byAnoop T
 
PPT
Sql security
bySafwan Hashmi
 
PDF
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
PDF
sql-inj_attack.pdf
byssuser07cf8b
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PDF
Chapter 5 - SQL-Injection-NK.pdf
byWaad Waad
 
PPTX
Intro to SQL Injection
byhon1nbo
 
ODP
My app is secure... I think
byWim Godden
 
PPTX
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
PPTX
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
PDF
Sql injection
bySafwan Hashmi
 
ODP
My app is secure... I think
byWim Godden
 
PPTX
SQL INJECTION
byZiaullah Khan
 
PDF
My app is secure... I think
byWim Godden
 
ODP
My app is secure... I think
byWim Godden
 
ODP
My app is secure... I think
byWim Godden
 
PPTX
seminar report on Sql injection
byJawhar Ali
 
Cyber crime an eye opener 144 te 2 t-7
byGargee Hiray
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
SQL INJECTION
byAnoop T
 
Sql security
bySafwan Hashmi
 
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
sql-inj_attack.pdf
byssuser07cf8b
 
SQLSecurity.ppt
byLokeshK66
 
SQLSecurity.ppt
byCNSHacking
 
Chapter 5 - SQL-Injection-NK.pdf
byWaad Waad
 
Intro to SQL Injection
byhon1nbo
 
My app is secure... I think
byWim Godden
 
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
Sql injection
bySafwan Hashmi
 
My app is secure... I think
byWim Godden
 
SQL INJECTION
byZiaullah Khan
 
My app is secure... I think
byWim Godden
 
My app is secure... I think
byWim Godden
 
My app is secure... I think
byWim Godden
 
seminar report on Sql injection
byJawhar Ali
 

Recently uploaded

PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 

SQL Injection