Mehul Boghra, profile picture
Uploaded byMehul Boghra
PPTX, PDF568 views

Sql injection

SQL injection is a common web application security vulnerability that allows attackers to control an application's database by tricking the application into sending unexpected SQL commands to the database. It works by submitting malicious SQL code as input, which gets executed by the database since the application concatenates user input directly into SQL queries. The key to preventing SQL injection is using prepared statements with bound parameters instead of building SQL queries through string concatenation. This separates the SQL statement from any user-supplied input that could contain malicious code.

Embed presentation

Downloaded 107 times
Naresh Sarvaiya (115340) Prashant Mojidra (115346) Mehul Boghra (115348)
 Topic 1. What are injection attacks? 2. How SQL Injection Works 3. Exploiting SQL Injection Bugs 4. Prevent SQL Injection 5. Other Injection Attacks
 Injection  Injection attacks trick an application into including unintended commands in the data send to an interpreter.  Interpreters  Interpret strings as commands.  Ex: SQL, shell (cmd.exe, bash)  Key Idea  Input data from the application is executed as code by the interpreter.
 What is SQL Injection  SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database  letting them access or delete data, change an application’s data-driven behavior, and do other undesirable things  by tricking the application into sending unexpected SQL commands  One of the most dangerous issues in terms of data confidentiality and integrity in web applications is a vulnerability called SQL injection.
 SQL Injection 1. App sends form to user. 2. Attacker submits form with SQL exploit data. 3. Application builds string with exploit data. 4. Application sends SQL query to DB. 5. DB executes query, including exploit, sends data back to application. 6. Application returns data to user. DB Server Firewall User Pass ‘ or 1=1-- Form
 SQL Injection Attack #1  Unauthorized Access Attempt: password = ’ or 1=1 --  SQL statement becomes: select count (*) from users where username = ‘user’ and password = ‘’ or 1=1 – Checks if password is empty OR 1=1, which is always true, permitting access.
 SQL Injection Attack #2 Database Modification Attack: password = foo’; delete from table users where username like ‘% DB executes two SQL statements: select count(*) from users where username = ‘user’ and password = ‘foo’ delete from table users where username like ‘%’
 Finding SQL Injection Bugs Submit a single quote as input. •If an error results, app is vulnerable. •If no error, check for any output changes. Submit two single quotes. •Databases use ’’ to represent literal ’ •If error disappears, app is vulnerable. Try string or numeric operators. Oracle: ’||’FOO  MS-SQL: ‘+’FOO  MySQL: ’-’FOO  2-2  81+19  49-ASCII(1)
 Injecting into INSERT  Creates a new data row in a table. INSERT INTO table (col1, col2, ...) VALUES (val1, val2, ...)  Requirements  Number of values must match # columns.  Types of values must match column types.  Technique: add values until no error.  foo’)--  foo’, 1)--  foo’, 1, 1)--
 Injecting into UPDATE  Modifies one or more rows of data. UPDATE table SET col1=val1, col2=val2, ... WHERE expression  Places where input is inserted SET clause WHERE clause  Be careful with WHERE clause ’ OR 1=1 will change all rows
 More Example (1)  Application authentication bypass using SQL injection.  Suppose a web form takes userID and password as input.  The application receives a user ID and a password and authenticate the user by checking the existence of the user in the USER table and matching the data in the PWD column.  Assume that the application is not validating what the user types into these two fields and the SQL statement is created by string concatenation.
 More Example (2)  The following code could be an example of such bad practice: sqlString = “select USERID from USER where USERID = `” & userId & “` and PWD = `” & pwd & “`” result = GetQueryResult(sqlString) If(result = “”) then userHasBeenAuthenticated = False Else userHasBeenAuthenticated = True End If
 More Example (3)  User ID: ` OR ``=`  Password: `OR ``=`  In this case the sqlString used to create the result set would be as follows: select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` TRUE TRUE  Which would certainly set the userHasBenAuthenticated variable to true.
 More Example (4) User ID: ` OR ``=`` -- Password: abc Because anything after the -- will be ignore, the injection will work even without any specific injection into the password predicate.
 More Example (5) User ID: ` ; DROP TABLE USER ; -- Password: `OR ``=` Select USERID from USER where USERID = `` ; DROP TABLE USER ; -- ` and PWD = ``OR ``=`` I will not try to get any information, I just wan to bring the application down.
 Impact of SQL Injection  Leakage of sensitive information.  Reputation decline.  Modification of sensitive information.  Loss of control of db server  Data loss.  Denial of service.
 The Cause: String Building  Building a SQL command string with user input in any language is dangerous.  String concatenation with variables  String format functions like sprintf().  String templating with variable replacement.
 Mitigating SQL Injection  Ineffective Mitigations  Blacklists  Stored Procedures  Partially Effective Mitigations  Whitelists  Prepared Queries
 Blacklists  Filter out or Sanitize known bad SQL meta-characters, such as single quotes.  Problems: 1. Numeric parameters don’t use quotes. 2. URL escaped metacharacters. 3. Unicode encoded metacharacters.  Though it's easy to point out some dangerous characters, it's harder to point to all of them.
 Stored Procedures  Stored Procedures build strings too: CREATE PROCEDURE dbo.doQuery(@id nchar(128)) AS DECLARE @query nchar(256) SELECT @query = ‘SELECT cc FROM cust WHERE id=‘’’ + @id + ‘’’’ EXEC @query RETURN It's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection. It's only proper binding with prepare/execute or direct SQL statements with bound variables that provide protection.
 Whitelist  Reject input that doesn’t match your list of safe characters to accept  Identify what is good, not what is bad.  Reject input instead of attempting to repair.  Still have to deal with single quotes when required, such as in names.
 Prepared Queries  bound parameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form. Later, this prepared query is "executed" with a list of parameters.  $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is be largely immune to SQL injection attacks. Example in Perl: $sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;"); $sth->execute($email);
 Prepared Queries  Bound parameters in Java  There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application. Insecure version Statement s = connection.createStatement(); ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = " + formField); // *boom* Secure version PreparedStatement ps = connection.prepareStatement( "SELECT email FROM member WHERE name = ?"); ps.setString(1, formField); ResultSet rs = ps.executeQuery();
 Other Injection Types  Shell injection.  Scripting language injection.  File inclusion.  XML injection0.  XPath injection.  LDAP injection.  SMTP injection.
 SQL injection Conclusion  SQL injection is technique for exploiting applications that use relational databases as their back end.  All databases can be a target of SQL injection and all are vulnerable to this technique.  SQL injection use the fact that many of these applications concatenate the fixed part of SQL statement with user-supplied data that forms WHERE predicates or additional sub-queries.  The vulnerability is in the application layer outside of the database, and the moment that the application has a connection into the database.
 Thank You!

More Related Content

PPT
SQL Injection
byAdhoura Academy
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
PPTX
Sql Injection attacks and prevention
byhelloanand
 
PPTX
Sql injection
byHemendra Kumar
 
PPTX
SQL Injection
byAsish Kumar Rath
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PDF
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 
PPT
Sql injection
byNitish Kumar
 
SQL Injection
byAdhoura Academy
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
Sql Injection attacks and prevention
byhelloanand
 
Sql injection
byHemendra Kumar
 
SQL Injection
byAsish Kumar Rath
 
Sql injection - security testing
byNapendra Singh
 
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 
Sql injection
byNitish Kumar
 

What's hot

PPTX
SQL INJECTION
byMentorcs
 
PPTX
Sql injection
byZidh
 
PPTX
Ppt on sql injection
byashish20012
 
PPT
Sql injection attack
byRajKumar Rampelli
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
PPTX
Web api
bySudhakar Sharma
 
PPTX
SQL Injection
bySayed Ahmad Naweed
 
PPTX
Cross-Site Scripting (XSS)
byDaniel Tumser
 
PPTX
jQuery Fundamentals
byGil Fink
 
PPTX
Introduction to Spring Framework
bySerhat Can
 
PPTX
SQL injection prevention techniques
bySongchaiDuangpan
 
PPT
Security Exploit of Business Logic Flaws, Business Logic Attacks
byMarco Morana
 
PPTX
Introduction to REST - API
byChetan Gadodia
 
PPTX
SQL Injections (Part 1)
byn|u - The Open Security Community
 
PPTX
I hunt sys admins 2.0
byWill Schroeder
 
PPTX
Hacking_SharePoint_FINAL
byIan Naumenko, CISSP, CRISC
 
PPTX
Deep dive into ssrf
byn|u - The Open Security Community
 
PPT
Php with MYSQL Database
byComputer Hardware & Trouble shooting
 
PPT
SQLITE Android
bySourabh Sahu
 
PPTX
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
SQL INJECTION
byMentorcs
 
Sql injection
byZidh
 
Ppt on sql injection
byashish20012
 
Sql injection attack
byRajKumar Rampelli
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
Web api
bySudhakar Sharma
 
SQL Injection
bySayed Ahmad Naweed
 
Cross-Site Scripting (XSS)
byDaniel Tumser
 
jQuery Fundamentals
byGil Fink
 
Introduction to Spring Framework
bySerhat Can
 
SQL injection prevention techniques
bySongchaiDuangpan
 
Security Exploit of Business Logic Flaws, Business Logic Attacks
byMarco Morana
 
Introduction to REST - API
byChetan Gadodia
 
SQL Injections (Part 1)
byn|u - The Open Security Community
 
I hunt sys admins 2.0
byWill Schroeder
 
Hacking_SharePoint_FINAL
byIan Naumenko, CISSP, CRISC
 
Deep dive into ssrf
byn|u - The Open Security Community
 
Php with MYSQL Database
byComputer Hardware & Trouble shooting
 
SQLITE Android
bySourabh Sahu
 
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 

Similar to Sql injection

PPT
Sql injection
byNikunj Dhameliya
 
PDF
Chapter 14 sql injection
bynewbie2019
 
PPT
Sql Injection Adv Owasp
byAung Khant
 
PPT
Advanced SQL Injection
byamiable_indian
 
PPTX
SQLi for Security Champions
byPetraVukmirovic
 
PDF
Sql injection
bySafwan Hashmi
 
PPSX
Web application security
bywww.netgains.org
 
PPT
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
PPTX
03. sql and other injection module v17
byEoin Keary
 
PPTX
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
PPTX
SQL INJECTION
byZiaullah Khan
 
PDF
SQL Injection
byMagno Logan
 
PPTX
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
PPT
Sql security
bySafwan Hashmi
 
PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPT
8 sql injection
bydrewz lin
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PPTX
Hack through Injections
byNazar Tymoshyk, CEH, Ph.D.
 
PPT
Sql injection attacks
bychaitanya Lotankar
 
Sql injection
byNikunj Dhameliya
 
Chapter 14 sql injection
bynewbie2019
 
Sql Injection Adv Owasp
byAung Khant
 
Advanced SQL Injection
byamiable_indian
 
SQLi for Security Champions
byPetraVukmirovic
 
Sql injection
bySafwan Hashmi
 
Web application security
bywww.netgains.org
 
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
03. sql and other injection module v17
byEoin Keary
 
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
SQL INJECTION
byZiaullah Khan
 
SQL Injection
byMagno Logan
 
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
Sql security
bySafwan Hashmi
 
A Brief Introduction in SQL Injection
bySina Manavi
 
8 sql injection
bydrewz lin
 
SQLSecurity.ppt
byCNSHacking
 
SQLSecurity.ppt
byLokeshK66
 
Hack through Injections
byNazar Tymoshyk, CEH, Ph.D.
 
Sql injection attacks
bychaitanya Lotankar
 

Recently uploaded

PDF
Past Memories and a New World: Photographs of Stoke Newington from the 70s, 8...
byHistory of Stoke Newington
 
PPTX
Finals - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
PPTX
Chapter 3. Pharmaceutical Aids (pharmaceutics)
bySharibJamal
 
PDF
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 
PPTX
A Presentation of PMES 2025-2028 with Salient features.pptx
byRoyPintor2
 
PPTX
Physical education notes class ncert 12th
byjatinrg2009
 
PPTX
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 
PPTX
kklklklklklklklk;lkpoipor[3rjdkjoe99759893058085
bypreetheshparmar
 
PPTX
Time Series Analysis - Least Square Method Fitting a Linear Trend Equation
bySundar B N
 
PDF
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
PPTX
Elderly in India: The Changing Scenario.pptx
byMonika
 
PDF
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
PDF
UGC NET Paper 1 Syllabus | 10 Units Complete Guide for NTA JRF
byNIKHIL K N
 
PPTX
Declaration of Helsinki Basic principles in medical research ppt.pptx
byRanikonde
 
PPTX
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
PDF
বাংলাদেশ অর্থনৈতিক সমীক্ষা - ২০২৫ with Bookmark.pdf
bytanbircox UJS App
 
PPTX
DEPED MEMORANDUM 089, 2025 PMES guidelines pptx
byRoseBubuli
 
PPTX
G-Protein-Coupled Receptors (GPCRs): Structure, Mechanism, and Functions
byAnoja Kurian
 
PPTX
SEMESTER 5 UNIT- 1 Difference of Children and adults.pptx
bysachin7989
 
PPTX
Time Series Analysis - Weighted (Unequal) Moving Average Method
bySundar B N
 
Past Memories and a New World: Photographs of Stoke Newington from the 70s, 8...
byHistory of Stoke Newington
 
Finals - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
Chapter 3. Pharmaceutical Aids (pharmaceutics)
bySharibJamal
 
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 
A Presentation of PMES 2025-2028 with Salient features.pptx
byRoyPintor2
 
Physical education notes class ncert 12th
byjatinrg2009
 
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 
kklklklklklklklk;lkpoipor[3rjdkjoe99759893058085
bypreetheshparmar
 
Time Series Analysis - Least Square Method Fitting a Linear Trend Equation
bySundar B N
 
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
Elderly in India: The Changing Scenario.pptx
byMonika
 
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
UGC NET Paper 1 Syllabus | 10 Units Complete Guide for NTA JRF
byNIKHIL K N
 
Declaration of Helsinki Basic principles in medical research ppt.pptx
byRanikonde
 
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা - ২০২৫ with Bookmark.pdf
bytanbircox UJS App
 
DEPED MEMORANDUM 089, 2025 PMES guidelines pptx
byRoseBubuli
 
G-Protein-Coupled Receptors (GPCRs): Structure, Mechanism, and Functions
byAnoja Kurian
 
SEMESTER 5 UNIT- 1 Difference of Children and adults.pptx
bysachin7989
 
Time Series Analysis - Weighted (Unequal) Moving Average Method
bySundar B N
 

Sql injection

  • 1.
    Naresh Sarvaiya (115340) PrashantMojidra (115346) Mehul Boghra (115348)
  • 2.
     Topic 1. What areinjection attacks? 2. How SQL Injection Works 3. Exploiting SQL Injection Bugs 4. Prevent SQL Injection 5. Other Injection Attacks
  • 3.
     Injection  Injection attackstrick an application into including unintended commands in the data send to an interpreter.  Interpreters  Interpret strings as commands.  Ex: SQL, shell (cmd.exe, bash)  Key Idea  Input data from the application is executed as code by the interpreter.
  • 4.
     What is SQLInjection  SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database  letting them access or delete data, change an application’s data-driven behavior, and do other undesirable things  by tricking the application into sending unexpected SQL commands  One of the most dangerous issues in terms of data confidentiality and integrity in web applications is a vulnerability called SQL injection.
  • 5.
     SQL Injection 1. Appsends form to user. 2. Attacker submits form with SQL exploit data. 3. Application builds string with exploit data. 4. Application sends SQL query to DB. 5. DB executes query, including exploit, sends data back to application. 6. Application returns data to user. DB Server Firewall User Pass ‘ or 1=1-- Form
  • 6.
     SQL Injection Attack#1  Unauthorized Access Attempt: password = ’ or 1=1 --  SQL statement becomes: select count (*) from users where username = ‘user’ and password = ‘’ or 1=1 – Checks if password is empty OR 1=1, which is always true, permitting access.
  • 7.
     SQL Injection Attack#2 Database Modification Attack: password = foo’; delete from table users where username like ‘% DB executes two SQL statements: select count(*) from users where username = ‘user’ and password = ‘foo’ delete from table users where username like ‘%’
  • 8.
     Finding SQL InjectionBugs Submit a single quote as input. •If an error results, app is vulnerable. •If no error, check for any output changes. Submit two single quotes. •Databases use ’’ to represent literal ’ •If error disappears, app is vulnerable. Try string or numeric operators. Oracle: ’||’FOO  MS-SQL: ‘+’FOO  MySQL: ’-’FOO  2-2  81+19  49-ASCII(1)
  • 9.
     Injecting into INSERT Creates a new data row in a table. INSERT INTO table (col1, col2, ...) VALUES (val1, val2, ...)  Requirements  Number of values must match # columns.  Types of values must match column types.  Technique: add values until no error.  foo’)--  foo’, 1)--  foo’, 1, 1)--
  • 10.
     Injecting into UPDATE Modifies one or more rows of data. UPDATE table SET col1=val1, col2=val2, ... WHERE expression  Places where input is inserted SET clause WHERE clause  Be careful with WHERE clause ’ OR 1=1 will change all rows
  • 11.
     More Example (1) Application authentication bypass using SQL injection.  Suppose a web form takes userID and password as input.  The application receives a user ID and a password and authenticate the user by checking the existence of the user in the USER table and matching the data in the PWD column.  Assume that the application is not validating what the user types into these two fields and the SQL statement is created by string concatenation.
  • 12.
     More Example (2) The following code could be an example of such bad practice: sqlString = “select USERID from USER where USERID = `” & userId & “` and PWD = `” & pwd & “`” result = GetQueryResult(sqlString) If(result = “”) then userHasBeenAuthenticated = False Else userHasBeenAuthenticated = True End If
  • 13.
     More Example (3) User ID: ` OR ``=`  Password: `OR ``=`  In this case the sqlString used to create the result set would be as follows: select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` TRUE TRUE  Which would certainly set the userHasBenAuthenticated variable to true.
  • 14.
     More Example (4) UserID: ` OR ``=`` -- Password: abc Because anything after the -- will be ignore, the injection will work even without any specific injection into the password predicate.
  • 15.
     More Example (5) UserID: ` ; DROP TABLE USER ; -- Password: `OR ``=` Select USERID from USER where USERID = `` ; DROP TABLE USER ; -- ` and PWD = ``OR ``=`` I will not try to get any information, I just wan to bring the application down.
  • 16.
     Impact of SQLInjection  Leakage of sensitive information.  Reputation decline.  Modification of sensitive information.  Loss of control of db server  Data loss.  Denial of service.
  • 17.
     The Cause: StringBuilding  Building a SQL command string with user input in any language is dangerous.  String concatenation with variables  String format functions like sprintf().  String templating with variable replacement.
  • 18.
     Mitigating SQL Injection Ineffective Mitigations  Blacklists  Stored Procedures  Partially Effective Mitigations  Whitelists  Prepared Queries
  • 19.
     Blacklists  Filter outor Sanitize known bad SQL meta-characters, such as single quotes.  Problems: 1. Numeric parameters don’t use quotes. 2. URL escaped metacharacters. 3. Unicode encoded metacharacters.  Though it's easy to point out some dangerous characters, it's harder to point to all of them.
  • 20.
     Stored Procedures  StoredProcedures build strings too: CREATE PROCEDURE dbo.doQuery(@id nchar(128)) AS DECLARE @query nchar(256) SELECT @query = ‘SELECT cc FROM cust WHERE id=‘’’ + @id + ‘’’’ EXEC @query RETURN It's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection. It's only proper binding with prepare/execute or direct SQL statements with bound variables that provide protection.
  • 21.
     Whitelist  Reject inputthat doesn’t match your list of safe characters to accept  Identify what is good, not what is bad.  Reject input instead of attempting to repair.  Still have to deal with single quotes when required, such as in names.
  • 22.
     Prepared Queries  boundparameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form. Later, this prepared query is "executed" with a list of parameters.  $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is be largely immune to SQL injection attacks. Example in Perl: $sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;"); $sth->execute($email);
  • 23.
     Prepared Queries  Boundparameters in Java  There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application. Insecure version Statement s = connection.createStatement(); ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = " + formField); // *boom* Secure version PreparedStatement ps = connection.prepareStatement( "SELECT email FROM member WHERE name = ?"); ps.setString(1, formField); ResultSet rs = ps.executeQuery();
  • 24.
     Other Injection Types Shell injection.  Scripting language injection.  File inclusion.  XML injection0.  XPath injection.  LDAP injection.  SMTP injection.
  • 25.
     SQL injection Conclusion SQL injection is technique for exploiting applications that use relational databases as their back end.  All databases can be a target of SQL injection and all are vulnerable to this technique.  SQL injection use the fact that many of these applications concatenate the fixed part of SQL statement with user-supplied data that forms WHERE predicates or additional sub-queries.  The vulnerability is in the application layer outside of the database, and the moment that the application has a connection into the database.
  • 26.