SQL injection is an attack where malicious code is inserted into strings that are passed to a database for execution. For example, a query may select users by name, where the name value comes from user input. A malicious user could insert code like '; DROP TABLE users --' to drop the users table. To prevent SQL injection, user input should not be trusted and meta-characters should be escaped, or parameterized statements using stored procedures can be used. Proper error handling is also important.

1. SQL Injection: Exploit and Defense Duong Ngo - CSG

2. SQL Injection? - An attack in which malicious code is inserted into strings that are later passed to an instance of Database Server for execution .

3. SQL Injection Example SQLquery = "SELECT * FROM users WHERE name = '" + UserName +"';" - UserName 's value is from user input. - Malicious user input = blah'; DROP TABLE users -- - Final query would look likes this: SELECT * FROM users WHERE name = ' blah'; DROP TABLE users; --'

4. DEMO

5. AND 1 = "blah" -> Error ? Why? - Because "blah" can Not be converted to Integer in order to compare with 1 - What If attackers replace "blah" with a [ SQL query that returns a String ] ??

6. Preventing SQL injection - Do Not trust any user input - Escaping meta-characters : ' " ; -- - Parameterized statements using SQL stored-procedure - Error handling - Preventing revealing error messages

7. THANK YOU !!