SlideShare a Scribd company logo

What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybersecurity Training | Edureka

Edureka!
Edureka!

(** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **) This ‘SQL Injection Attack’ PPT by Edureka will help you learn one of the most dangerous web application vulnerability – SQL Injection. Below is the list of topics covered in this session: Web Application Security What is SQL Injection Attack? Types of SQL Injection attacks Demo – SQL Injection Attack Types Prevention of SQL Injection Attack Cyber Security Playlist: https://bit.ly/2N2jlNN Cyber Security Blog Series: https://bit.ly/2AuULkP Instagram: https://www.instagram.com/edureka_lea... Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

Technology
1 of 19
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Agenda What is Application Security? What is SQL Injection Attack? Types of SQL Injection Attacks Demo - SQL Injection Attack types Prevention of SQL Injection attack 01 02 03 04 05
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Application Security
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Cybersecurity Application Security Network Security Information Security Operational Security Disaster Recovery End-user Education Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Web Application Vulnerabilities Application Security Application security is the use of software, hardware, and procedural methods to protect applications from external threats. 0% 10% 20% 30% 40% 50% 0.06% 0.19% 0.63% 1.69% 2.19% 2.19% 2.44% 2.75% 8.63% 9.69% 18.01% 4.57% 46.97% Denial of Service XML External Entity Open Direct General Bypass Authentication Bypass Remote File Inclusion Full Path Disclosure Remote Code Execution Local File Inclusion Cross Site Request Forgery File Upload SQL Injection Cross Site Scripting
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training
Copyright © 2019, edureka and/or its affiliates. All rights reserved. What is SQL Injection?
Front End: HTML, CSS, JavaScript The need for more advanced technology and dynamic websites grew. Database: MySQL, Oracle, MongoDB Back End: .NET, PHP, Ruby, Python In the early days of internet, building websites was pretty straightforward
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training What is SQL Injection? A SQL query is in one way an application interacts with database An SQL Injection occurs when an application fails to sanitize the user input data An attacker can use specially crafted SQL commands to control web application’s database server
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training SQL Injection Attack – Non Technical Explanation Drive through <route> and <where should the bus stop?> if <when should the bus stop?>. Sample populated form Drive through route77 and stop at the bus stop if there are people at the bus stop Drive through route77 and do not stop at the bus stop and ignore the rest of the from. if there are people at the bus stop
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training SQL Injection Attack – Technical Explanation Sample SQL statement $statement = “SELECT * FROM users WHERE username = ‘$user’ AND password = ‘$password‘“; $statement = “SELECT * FROM users WHERE username = ‘Dean’ AND password = ‘WinchesterS’“; Sample SQL Injection Condition that will always be true, thereby it is accepted as a valid input by the application Instructs the SQL parser that the rest of the line is a comment and should not be executed $statement = “SELECT * FROM users WHERE username = ‘Dean OR ‘1’=‘1’ --‘AND password = ‘WinchesterS’“;
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Impact of SQL Injection Attack Extract sensitive information Misusing authentication details Delete data and drop tables
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Types of SQL Injection
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Categories of SQL Injection SQL Injection Error-based Union-based In-Band SQLi Blind SQLi Out-of-bound SQLi Boolean-based Time-based
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Error BasedError Based Types of SQL Injection Error-based SQL Injection Union-based SQL Injection Union Based Boolean Based Time Based Out-of-bound https://example.com/index.php?id=1 AND SELECT "mysql" UNION SELECT @@version https://example.com/index.php?id=1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',true,false) https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',sleep(3),false)) Out-of-boundTime BasedUnion Based Boolean Based
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Demo – Types of SQL Injection
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Preventing SQL Injection Performing static and dynamic testing Using parameterized queries and ORMs Using escape characters in SQL queries Enforcing least privilege on database Enabling web-application firewalls
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Exploiting SQL Vulnerability in Application
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training

Recommended

Sql injection
Sql injectionSql injection
Sql injection
Mehul Boghra
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Sayed Ahmad Naweed
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
amiable_indian
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 

Recommended

Sql injection
Sql injectionSql injection
Sql injection
Mehul Boghra
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Sayed Ahmad Naweed
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
amiable_indian
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Asish Kumar Rath
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
Mohammed A. Imran
 
Sql injection
Sql injectionSql injection
Sql injection
Nikunj Dhameliya
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecurity
Sanad Bhowmik
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
Jawhar Ali
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
Raghav Bisht
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
Web security 2010
Web security 2010Web security 2010
Web security 2010
Alok Babu
 

More Related Content

What's hot

Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Asish Kumar Rath
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
Mohammed A. Imran
 
Sql injection
Sql injectionSql injection
Sql injection
Nikunj Dhameliya
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecurity
Sanad Bhowmik
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
Jawhar Ali
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
Raghav Bisht
 

What's hot (20)

Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecurity
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
Sql injection
Sql injectionSql injection
Sql injection
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 

Similar to What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybersecurity Training | Edureka

How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
Web security 2010
Web security 2010Web security 2010
Web security 2010
Alok Babu
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Boston Institute of Analytics
 
Op2423922398
Op2423922398Op2423922398
Op2423922398
IJERA Editor
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET Journal
 
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguagePrevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
IRJET Journal
 
Ijcet 06 10_005
Ijcet 06 10_005Ijcet 06 10_005
Ijcet 06 10_005
IAEME Publication
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7Gargee Hiray
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Ethical Hacking Project: SQL Injection Vulnerability Analysis.pptx
Ethical Hacking Project: SQL Injection Vulnerability Analysis.pptxEthical Hacking Project: SQL Injection Vulnerability Analysis.pptx
Ethical Hacking Project: SQL Injection Vulnerability Analysis.pptx
Boston Institute of Analytics
 
Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application Security
Abdul Jaleel
 
Safe Internet Banking Cyber Security
Safe Internet Banking Cyber SecuritySafe Internet Banking Cyber Security
Safe Internet Banking Cyber Security
Kushantha Gunawardana
 
Prevention of SQL injection in E- Commerce
Prevention of SQL injection in E- CommercePrevention of SQL injection in E- Commerce
Prevention of SQL injection in E- Commerce
ijceronline
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
ijsrd.com
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFExploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Boston Institute of Analytics
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
YasserElsnbary
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptx
Simplilearn
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
Muhammad Shehata
 

Similar to What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybersecurity Training | Edureka (20)

How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen?
 
Web security 2010
Web security 2010Web security 2010
Web security 2010
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
 
Op2423922398
Op2423922398Op2423922398
Op2423922398
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
 
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguagePrevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
 
Ijcet 06 10_005
Ijcet 06 10_005Ijcet 06 10_005
Ijcet 06 10_005
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
 
Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7Cyber crime an eye opener 144 te 2 t-7
Cyber crime an eye opener 144 te 2 t-7
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Ethical Hacking Project: SQL Injection Vulnerability Analysis.pptx
Ethical Hacking Project: SQL Injection Vulnerability Analysis.pptxEthical Hacking Project: SQL Injection Vulnerability Analysis.pptx
Ethical Hacking Project: SQL Injection Vulnerability Analysis.pptx
 
Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application Security
 
Safe Internet Banking Cyber Security
Safe Internet Banking Cyber SecuritySafe Internet Banking Cyber Security
Safe Internet Banking Cyber Security
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Prevention of SQL injection in E- Commerce
Prevention of SQL injection in E- CommercePrevention of SQL injection in E- Commerce
Prevention of SQL injection in E- Commerce
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFExploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptx
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
 

More from Edureka!

What to learn during the 21 days Lockdown | Edureka
What to learn during the 21 days Lockdown | EdurekaWhat to learn during the 21 days Lockdown | Edureka
What to learn during the 21 days Lockdown | Edureka
Edureka!
 
Top 10 Dying Programming Languages in 2020 | Edureka
Top 10 Dying Programming Languages in 2020 | EdurekaTop 10 Dying Programming Languages in 2020 | Edureka
Top 10 Dying Programming Languages in 2020 | Edureka
Edureka!
 
Top 5 Trending Business Intelligence Tools | Edureka
Top 5 Trending Business Intelligence Tools | EdurekaTop 5 Trending Business Intelligence Tools | Edureka
Top 5 Trending Business Intelligence Tools | Edureka
Edureka!
 
Tableau Tutorial for Data Science | Edureka
Tableau Tutorial for Data Science | EdurekaTableau Tutorial for Data Science | Edureka
Tableau Tutorial for Data Science | Edureka
Edureka!
 
Python Programming Tutorial | Edureka
Python Programming Tutorial | EdurekaPython Programming Tutorial | Edureka
Python Programming Tutorial | Edureka
Edureka!
 
Top 5 PMP Certifications | Edureka
Top 5 PMP Certifications | EdurekaTop 5 PMP Certifications | Edureka
Top 5 PMP Certifications | Edureka
Edureka!
 
Top Maven Interview Questions in 2020 | Edureka
Top Maven Interview Questions in 2020 | EdurekaTop Maven Interview Questions in 2020 | Edureka
Top Maven Interview Questions in 2020 | Edureka
Edureka!
 
Linux Mint Tutorial | Edureka
Linux Mint Tutorial | EdurekaLinux Mint Tutorial | Edureka
Linux Mint Tutorial | Edureka
Edureka!
 
How to Deploy Java Web App in AWS| Edureka
How to Deploy Java Web App in AWS| EdurekaHow to Deploy Java Web App in AWS| Edureka
How to Deploy Java Web App in AWS| Edureka
Edureka!
 
Importance of Digital Marketing | Edureka
Importance of Digital Marketing | EdurekaImportance of Digital Marketing | Edureka
Importance of Digital Marketing | Edureka
Edureka!
 
RPA in 2020 | Edureka
RPA in 2020 | EdurekaRPA in 2020 | Edureka
RPA in 2020 | Edureka
Edureka!
 
Email Notifications in Jenkins | Edureka
Email Notifications in Jenkins | EdurekaEmail Notifications in Jenkins | Edureka
Email Notifications in Jenkins | Edureka
Edureka!
 
EA Algorithm in Machine Learning | Edureka
EA Algorithm in Machine Learning | EdurekaEA Algorithm in Machine Learning | Edureka
EA Algorithm in Machine Learning | Edureka
Edureka!
 
Cognitive AI Tutorial | Edureka
Cognitive AI Tutorial | EdurekaCognitive AI Tutorial | Edureka
Cognitive AI Tutorial | Edureka
Edureka!
 
AWS Cloud Practitioner Tutorial | Edureka
AWS Cloud Practitioner Tutorial | EdurekaAWS Cloud Practitioner Tutorial | Edureka
AWS Cloud Practitioner Tutorial | Edureka
Edureka!
 
Blue Prism Top Interview Questions | Edureka
Blue Prism Top Interview Questions | EdurekaBlue Prism Top Interview Questions | Edureka
Blue Prism Top Interview Questions | Edureka
Edureka!
 
Big Data on AWS Tutorial | Edureka
Big Data on AWS Tutorial | Edureka Big Data on AWS Tutorial | Edureka
Big Data on AWS Tutorial | Edureka
Edureka!
 
A star algorithm | A* Algorithm in Artificial Intelligence | Edureka
A star algorithm | A* Algorithm in Artificial Intelligence | EdurekaA star algorithm | A* Algorithm in Artificial Intelligence | Edureka
A star algorithm | A* Algorithm in Artificial Intelligence | Edureka
Edureka!
 
Kubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | EdurekaKubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | Edureka
Edureka!
 
Introduction to DevOps | Edureka
Introduction to DevOps | EdurekaIntroduction to DevOps | Edureka
Introduction to DevOps | Edureka
Edureka!
 

More from Edureka! (20)

What to learn during the 21 days Lockdown | Edureka
What to learn during the 21 days Lockdown | EdurekaWhat to learn during the 21 days Lockdown | Edureka
What to learn during the 21 days Lockdown | Edureka
 
Top 10 Dying Programming Languages in 2020 | Edureka
Top 10 Dying Programming Languages in 2020 | EdurekaTop 10 Dying Programming Languages in 2020 | Edureka
Top 10 Dying Programming Languages in 2020 | Edureka
 
Top 5 Trending Business Intelligence Tools | Edureka
Top 5 Trending Business Intelligence Tools | EdurekaTop 5 Trending Business Intelligence Tools | Edureka
Top 5 Trending Business Intelligence Tools | Edureka
 
Tableau Tutorial for Data Science | Edureka
Tableau Tutorial for Data Science | EdurekaTableau Tutorial for Data Science | Edureka
Tableau Tutorial for Data Science | Edureka
 
Python Programming Tutorial | Edureka
Python Programming Tutorial | EdurekaPython Programming Tutorial | Edureka
Python Programming Tutorial | Edureka
 
Top 5 PMP Certifications | Edureka
Top 5 PMP Certifications | EdurekaTop 5 PMP Certifications | Edureka
Top 5 PMP Certifications | Edureka
 
Top Maven Interview Questions in 2020 | Edureka
Top Maven Interview Questions in 2020 | EdurekaTop Maven Interview Questions in 2020 | Edureka
Top Maven Interview Questions in 2020 | Edureka
 
Linux Mint Tutorial | Edureka
Linux Mint Tutorial | EdurekaLinux Mint Tutorial | Edureka
Linux Mint Tutorial | Edureka
 
How to Deploy Java Web App in AWS| Edureka
How to Deploy Java Web App in AWS| EdurekaHow to Deploy Java Web App in AWS| Edureka
How to Deploy Java Web App in AWS| Edureka
 
Importance of Digital Marketing | Edureka
Importance of Digital Marketing | EdurekaImportance of Digital Marketing | Edureka
Importance of Digital Marketing | Edureka
 
RPA in 2020 | Edureka
RPA in 2020 | EdurekaRPA in 2020 | Edureka
RPA in 2020 | Edureka
 
Email Notifications in Jenkins | Edureka
Email Notifications in Jenkins | EdurekaEmail Notifications in Jenkins | Edureka
Email Notifications in Jenkins | Edureka
 
EA Algorithm in Machine Learning | Edureka
EA Algorithm in Machine Learning | EdurekaEA Algorithm in Machine Learning | Edureka
EA Algorithm in Machine Learning | Edureka
 
Cognitive AI Tutorial | Edureka
Cognitive AI Tutorial | EdurekaCognitive AI Tutorial | Edureka
Cognitive AI Tutorial | Edureka
 
AWS Cloud Practitioner Tutorial | Edureka
AWS Cloud Practitioner Tutorial | EdurekaAWS Cloud Practitioner Tutorial | Edureka
AWS Cloud Practitioner Tutorial | Edureka
 
Blue Prism Top Interview Questions | Edureka
Blue Prism Top Interview Questions | EdurekaBlue Prism Top Interview Questions | Edureka
Blue Prism Top Interview Questions | Edureka
 
Big Data on AWS Tutorial | Edureka
Big Data on AWS Tutorial | Edureka Big Data on AWS Tutorial | Edureka
Big Data on AWS Tutorial | Edureka
 
A star algorithm | A* Algorithm in Artificial Intelligence | Edureka
A star algorithm | A* Algorithm in Artificial Intelligence | EdurekaA star algorithm | A* Algorithm in Artificial Intelligence | Edureka
A star algorithm | A* Algorithm in Artificial Intelligence | Edureka
 
Kubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | EdurekaKubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | Edureka
 
Introduction to DevOps | Edureka
Introduction to DevOps | EdurekaIntroduction to DevOps | Edureka
Introduction to DevOps | Edureka
 

Recently uploaded

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 

Recently uploaded (20)

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 

What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybersecurity Training | Edureka

  • 1. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training
  • 2. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Agenda What is Application Security? What is SQL Injection Attack? Types of SQL Injection Attacks Demo - SQL Injection Attack types Prevention of SQL Injection attack 01 02 03 04 05
  • 3. Copyright © 2019, edureka and/or its affiliates. All rights reserved. Application Security
  • 4. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Cybersecurity Application Security Network Security Information Security Operational Security Disaster Recovery End-user Education Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
  • 5. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Web Application Vulnerabilities Application Security Application security is the use of software, hardware, and procedural methods to protect applications from external threats. 0% 10% 20% 30% 40% 50% 0.06% 0.19% 0.63% 1.69% 2.19% 2.19% 2.44% 2.75% 8.63% 9.69% 18.01% 4.57% 46.97% Denial of Service XML External Entity Open Direct General Bypass Authentication Bypass Remote File Inclusion Full Path Disclosure Remote Code Execution Local File Inclusion Cross Site Request Forgery File Upload SQL Injection Cross Site Scripting
  • 6. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training
  • 7. Copyright © 2019, edureka and/or its affiliates. All rights reserved. What is SQL Injection?
  • 8. Front End: HTML, CSS, JavaScript The need for more advanced technology and dynamic websites grew. Database: MySQL, Oracle, MongoDB Back End: .NET, PHP, Ruby, Python In the early days of internet, building websites was pretty straightforward
  • 9. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training What is SQL Injection? A SQL query is in one way an application interacts with database An SQL Injection occurs when an application fails to sanitize the user input data An attacker can use specially crafted SQL commands to control web application’s database server
  • 10. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training SQL Injection Attack – Non Technical Explanation Drive through <route> and <where should the bus stop?> if <when should the bus stop?>. Sample populated form Drive through route77 and stop at the bus stop if there are people at the bus stop Drive through route77 and do not stop at the bus stop and ignore the rest of the from. if there are people at the bus stop
  • 11. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training SQL Injection Attack – Technical Explanation Sample SQL statement $statement = “SELECT * FROM users WHERE username = ‘$user’ AND password = ‘$password‘“; $statement = “SELECT * FROM users WHERE username = ‘Dean’ AND password = ‘WinchesterS’“; Sample SQL Injection Condition that will always be true, thereby it is accepted as a valid input by the application Instructs the SQL parser that the rest of the line is a comment and should not be executed $statement = “SELECT * FROM users WHERE username = ‘Dean OR ‘1’=‘1’ --‘AND password = ‘WinchesterS’“;
  • 12. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Impact of SQL Injection Attack Extract sensitive information Misusing authentication details Delete data and drop tables
  • 13. Copyright © 2019, edureka and/or its affiliates. All rights reserved. Types of SQL Injection
  • 14. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Categories of SQL Injection SQL Injection Error-based Union-based In-Band SQLi Blind SQLi Out-of-bound SQLi Boolean-based Time-based
  • 15. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Error BasedError Based Types of SQL Injection Error-based SQL Injection Union-based SQL Injection Union Based Boolean Based Time Based Out-of-bound https://example.com/index.php?id=1 AND SELECT "mysql" UNION SELECT @@version https://example.com/index.php?id=1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',true,false) https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',sleep(3),false)) Out-of-boundTime BasedUnion Based Boolean Based
  • 16. Copyright © 2019, edureka and/or its affiliates. All rights reserved. Demo – Types of SQL Injection
  • 17. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Preventing SQL Injection Performing static and dynamic testing Using parameterized queries and ORMs Using escape characters in SQL queries Enforcing least privilege on database Enabling web-application firewalls
  • 18. Copyright © 2019, edureka and/or its affiliates. All rights reserved. Exploiting SQL Vulnerability in Application
  • 19. Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training