SlideShare a Scribd company logo

SQL INJECTION ATTACKS.pptx

Download as PPTX, PDF
R
REMEGIUSPRAVEENSAHAY

The document discusses avoiding vulnerability in web applications due to SQL injection attacks. It proposes using encryption techniques like AES encryption and secure hashing to encrypt SQL queries before sending them to the database. The proposed system architecture encrypts the username and password during registration using AES encryption, and then hashes the encrypted value for storage in the database. This makes unauthorized access and SQL injection attacks more difficult. Screenshots show the protected login page working to help prevent SQL injection attacks.

Business
1 of 18
LOYOLA – ICAM COLLEGE OF ENGINEERING AND TECHNOLOGY (LICET) Loyola College Campus, Nungambakkam , Chennai – 34 AVOIDING VULNERABILITY IN DATAADMITTANCE OF WEB APPLICATIONS BASED ON ENCRYPTION TECHNIQUES Done by Guide L.DIVYA [32810104013] Mr L REMEGIUS PRAVEEN SAHAYARAJ V.PAVITHRA [32810104042] P.SHANTHI PRIYA [32810104054] Area Of Reasearch: Database Security
INTRODUCTION • Area Of Research: Database Security • A less secure Web application design may allow crafted injection and malicious update on the backend database. This trend can cause lots of damages and thefts of trusted users sensitive data by unauthorized users • Motivation of this Research 1. Encryption & hashing will provide more security in database. 2. SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique. • Web Application is a Three Tier Architecture with Client, Server & DataBase. •
AGENDA • Abstract. • Existing system. • Proposed system and its limitations. • System Architecture and its advantages. • Screenshots. • Conclusion. • References.
ABSTRACT Web applications are steadily increasing in our daily routines activities and continue to integrate them. Online Banking, On-line reservations, on-line shopping expect these web applications to be secure and reliable the terror of SQL– Injection Attacks has become increasingly frequent and serious. SQL Injection Attacks are one of the topmost threats for web application security. Using SQL Injection attackers can leak confidential information: such as credit card numbers, ATM pins, User credentials from web applications and even corrupt the database. In this paper, some predefined methods are discussed and integrated approach of encryption method with secure hashing is applied in the database to avoid attack on each and every phase.
EXISTING SYSTEM • Tame-card detection and prevention • Functionality of temporary authentication • Vulnerability detection -Static analysis -Dynamic analysis • Predefined method and hybrid encryption methods applied • Hash value approach with SQLIPA prototype • Runtime attack prevention - Client side prevention - Server side prevention
LIMITATIONS • SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. • Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.
Literature survey Title Work done Inference Detection of SQL Injection Attack and Various Prevention Strategies. This paper presents a security methods we are able to reduce the total number of alerts from four to zero alert by scanning the website using vulnerability tool. SQL Injection attack occurs due to vulnerabilities present in the website that allows the hacker to by passes the SQL statements and hence enters into the database queries directly. SQL Injection is the first step in entry to exploiting or hacking any website available on internet. Got Clear Idea about Attacks and this algorithm is like mutation based so it takes plenty of time to identify the attacks Protection of Web Application againstSql Injection Attacks In this paper, various types of SQL injection attacks as well as predefined prevention methods are discussed. Then the hybrid encryption method is used which includes AES encryption and Rabin’s cryptosystem. The reason behind the use of two layer of encryption is that it will be more secured. SQL query is generated and encrypted by Rabin’s cryptosystem because even if hackers hack the information and decode the AES encryption part, it will still be more difficult for them to know about the encrypted query Add some more security to databases to avoid SQL injection attack.
Cont.. SQL INJECTION Attacks in Web Application In this paper, we have presented the rst formal definition of command injection attacks in web applications. Based on this definition, we have developed a sound and complete runtime checking algorithm for preventing command injection attacks and produced a working implementation of the algorithm. SQLCIAs precisely and incurred low runtime overhead. Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA This paper also contains strengths and weaknesses of various SQL injection attacks. At last we also proposed the scheme to handle the SQLIA and strong enough to prevent them. The use of internet increases day by day. As the number of computer users increases, the number reported cases of cybercrime increases. While, on the other side, the organization increases the use of office automation software & services, that helps them to maintain the confidential information with less efforts. A new approach that is completely based on the hash method of using the SQL queries in the web-based environment, which is much secure and provide the prevention from the attackers SQL.
PROPOSED SYSTEM • AES encryption and combined approach of secure hashing on encryption. • By applying encryption technique, database attacks can be prevented. Encryption of data basically helps to change the data into a form that is not readable. Without the correct key, this format can’t be deciphered even if attacker hacks the information. Application of encryption in login phase makes it difficult for unauthorized users to access the database.
ADVANTAGES • Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. • Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. • Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. • Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
OVERALL SYSTEM ARCHITECTURE Username Password Encrypted AES Code AES SHA1 SHA(AES) Username & Password Registration Encrypted string of Username & Password Data Base Access Permitted Value check in DB No Access SQL Injection Attack Authentication Schemes Login Interface
OVERALL SYSTEM ARCHITECTURE • SQL injection attacks are nothing but injecting malicious queries by the hackers into the application projected queries to get the desired outputs from the database. SQL Injection allows an attacker to create, read, update, modify, or delete data stored in the back-end database. • While Typing SQL keywords and control signs an intruder is able to modify the structure of SQL query developed by a Web designer. • SQL Injection attacks can take place when a web application utilizes user-supplied data without proper validation or encoding as part of a command or query
RESULTS Registering the username and password in the login page Username and Password stored in the login table
Unprotected login page Protected Login
Exit page
CONCLUSION • SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique and as we know hashed codes is a one way encryption technique thus it is not possible to decode it. This proposed integrated approach is an effort to add some more security measures to databases to avoid SQL injection attack. • The web-application code perfectly contains a policy that allows distinguishing lawful and malicious queries. • This area is in need of more research, mainly because of various reasons: SQL injection attacks are most probable to change and new vulnerabilities will be found, collectively with new countermeasures to deal with them. As many hacking sites are existing on the web, and since attack methods are well described and circulated between hackers, we believe that information about new attack methods must be constantly surveyed and new counter measures should be developed. • So, in future, a new technique can be developed so that it is capable for other varieties of SQL Injection Attacks also. Due to which, this technique will be able to prevent SQL Injection Attack totally.
REFERENCES [1] Priyanka, Vijay Kumar Bohat, (April 2013) ’Detection of SQL Injection Attack and Various Prevention Strategies’, International Journaand Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-2, Issue-4. [2] Sonam Panda, 1 Ramani S2,(Jan-Feb.2013),’Protection of Web Application against Sql Injection Attacks ‘, International Journal of Modern Engineering Research (IJMER) Vol.3, Issue.1, pp-166-168 ISSN: 2249-6645. [3] Mihir Gandhi, JwalantBaria,( January 2013)’SQL INJECTION Attacks in Web Application’International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-6. [4] By Mayank Namdev*, Fehreen Hasan, Gaurav Shrivastav(July 2012) ‘Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA”Volume 2, Issue 7. [5] Shubham Srivastava1, Rajeev Ranjan Kumar Tripathi, ‘Attacks Dueto SQL Injection & Their Prevention Method for Web-Application (IJCSIT) International Journal of Computer Science and InformationTechnologies, Vol. 3 (2) , 2012,3615-3618. [6] Indrani Balasundaram, E.Ramaraj,’An Authentication Scheme forPreventing SQL injection Attack using Hybrid Encryption’ (ISSN 1450-216,2011, Vol.53,pp.359-368. [7] AtefehTajpour et al. ‘Evaluation of SQL Injection Detetion andPrevention Techniques’ Second International Conference onComputational Intelligence, 2010. [8] Shaukat Ali, Azhar Rauf, Huma Javed,’SQLIPA: An Authentication Mechanism Against SQL Injection’, European Journal of Scientific Research ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611. [9] Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour,( September 2013) ‘Study of SQL Injection Attacks and Countermeasures’, International Journal of Computer and Communication Engineering, Vol. 2, No. 5. [10] W. G. Halfond, J. Viegas, and A. Orso , ‘A Classification of SQLInjection Attacks and Countermeasures,’ in Proc. the International Symposium on Secure Software Engineering 2006.
THANK YOU

Recommended

IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET Journal
 
Op2423922398
Op2423922398Op2423922398
Op2423922398
IJERA Editor
 
Literature Survey on Web based Recognition of SQL Injection Attacks
Literature Survey on Web based Recognition of SQL Injection AttacksLiterature Survey on Web based Recognition of SQL Injection Attacks
Literature Survey on Web based Recognition of SQL Injection Attacks
IRJET Journal
 
Ld3420072014
Ld3420072014Ld3420072014
Ld3420072014
IJERA Editor
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
Ijeee 51-57-preventing sql injection attacks in web application
Ijeee 51-57-preventing sql injection attacks in web applicationIjeee 51-57-preventing sql injection attacks in web application
Ijeee 51-57-preventing sql injection attacks in web application
Kumar Goud
 
Devoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection AttackDevoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection Attack
IJRESJOURNAL
 
Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML Database
IOSR Journals
 

Recommended

IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET Journal
 
Op2423922398
Op2423922398Op2423922398
Op2423922398
IJERA Editor
 
Literature Survey on Web based Recognition of SQL Injection Attacks
Literature Survey on Web based Recognition of SQL Injection AttacksLiterature Survey on Web based Recognition of SQL Injection Attacks
Literature Survey on Web based Recognition of SQL Injection Attacks
IRJET Journal
 
Ld3420072014
Ld3420072014Ld3420072014
Ld3420072014
IJERA Editor
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
Ijeee 51-57-preventing sql injection attacks in web application
Ijeee 51-57-preventing sql injection attacks in web applicationIjeee 51-57-preventing sql injection attacks in web application
Ijeee 51-57-preventing sql injection attacks in web application
Kumar Goud
 
Devoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection AttackDevoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection Attack
IJRESJOURNAL
 
Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML Database
IOSR Journals
 
csf_ppt.pptx
csf_ppt.pptxcsf_ppt.pptx
csf_ppt.pptx
0567Padma
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
anita bodke
 
A Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection AttackA Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection Attack
IRJET Journal
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
Editor IJCATR
 
Sql Injection
Sql InjectionSql Injection
Sql Injection
penetration Tester
 
SQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsSQL Injection: Unraveling the Threats
SQL Injection: Unraveling the Threats
InsecureLab
 
Prevention of SQL injection in E- Commerce
Prevention of SQL injection in E- CommercePrevention of SQL injection in E- Commerce
Prevention of SQL injection in E- Commerce
ijceronline
 
Sql injection
Sql injectionSql injection
Sql injection
Praneeth Perera
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)
theijes
 
GreenSQL Security
GreenSQL Security GreenSQL Security
GreenSQL Security
ijsrd.com
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
ijsrd.com
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Boston Institute of Analytics
 
Step by step guide for web application security testing
Step by step guide for web application security testingStep by step guide for web application security testing
Step by step guide for web application security testing
Avyaan, Web Security Company in India
 
Web security
Web securityWeb security
Web security
dogangcr
 
Security testing
Security testingSecurity testing
Security testing
Tabăra de Testare
 
A hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and preventionA hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and prevention
ijdms
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET Journal
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
YasserElsnbary
 
eti.pptx
eti.pptxeti.pptx
eti.pptx
15SYGaneshHipparkar
 
Digital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital ExcellenceDigital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital Excellence
Operational Excellence Consulting
 
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Lviv Startup Club
 

More Related Content

Similar to SQL INJECTION ATTACKS.pptx

csf_ppt.pptx
csf_ppt.pptxcsf_ppt.pptx
csf_ppt.pptx
0567Padma
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
anita bodke
 
A Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection AttackA Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection Attack
IRJET Journal
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
Editor IJCATR
 
Sql Injection
Sql InjectionSql Injection
Sql Injection
penetration Tester
 
SQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsSQL Injection: Unraveling the Threats
SQL Injection: Unraveling the Threats
InsecureLab
 
Prevention of SQL injection in E- Commerce
Prevention of SQL injection in E- CommercePrevention of SQL injection in E- Commerce
Prevention of SQL injection in E- Commerce
ijceronline
 
Sql injection
Sql injectionSql injection
Sql injection
Praneeth Perera
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)
theijes
 
GreenSQL Security
GreenSQL Security GreenSQL Security
GreenSQL Security
ijsrd.com
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
ijsrd.com
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Boston Institute of Analytics
 
Step by step guide for web application security testing
Step by step guide for web application security testingStep by step guide for web application security testing
Step by step guide for web application security testing
Avyaan, Web Security Company in India
 
Web security
Web securityWeb security
Web security
dogangcr
 
Security testing
Security testingSecurity testing
Security testing
Tabăra de Testare
 
A hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and preventionA hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and prevention
ijdms
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET Journal
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
YasserElsnbary
 
eti.pptx
eti.pptxeti.pptx
eti.pptx
15SYGaneshHipparkar
 

Similar to SQL INJECTION ATTACKS.pptx (20)

csf_ppt.pptx
csf_ppt.pptxcsf_ppt.pptx
csf_ppt.pptx
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
 
A Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection AttackA Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection Attack
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
 
Sql Injection
Sql InjectionSql Injection
Sql Injection
 
SQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsSQL Injection: Unraveling the Threats
SQL Injection: Unraveling the Threats
 
Prevention of SQL injection in E- Commerce
Prevention of SQL injection in E- CommercePrevention of SQL injection in E- Commerce
Prevention of SQL injection in E- Commerce
 
Sql injection
Sql injectionSql injection
Sql injection
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)
 
GreenSQL Security
GreenSQL Security GreenSQL Security
GreenSQL Security
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
 
Step by step guide for web application security testing
Step by step guide for web application security testingStep by step guide for web application security testing
Step by step guide for web application security testing
 
Web security
Web securityWeb security
Web security
 
Security testing
Security testingSecurity testing
Security testing
 
A hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and preventionA hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and prevention
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
eti.pptx
eti.pptxeti.pptx
eti.pptx
 

Recently uploaded

Digital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital ExcellenceDigital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital Excellence
Operational Excellence Consulting
 
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Lviv Startup Club
 
Profiles of Iconic Fashion Personalities.pdf
Profiles of Iconic Fashion Personalities.pdfProfiles of Iconic Fashion Personalities.pdf
Profiles of Iconic Fashion Personalities.pdf
TTop Threads
 
The latest Heat Pump Manual from Newentide
The latest Heat Pump Manual from NewentideThe latest Heat Pump Manual from Newentide
The latest Heat Pump Manual from Newentide
JoeYangGreatMachiner
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
Pitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deckPitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deck
HajeJanKamps
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
Top Forex Brokers Review
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
timesbpobusiness
 
Registered-Establishment-List-in-Uttarakhand-pdf.pdf
Registered-Establishment-List-in-Uttarakhand-pdf.pdfRegistered-Establishment-List-in-Uttarakhand-pdf.pdf
Registered-Establishment-List-in-Uttarakhand-pdf.pdf
dazzjoker
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
CLIVE MINCHIN
 
The Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb PlatformThe Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb Platform
SabaaSudozai
 
The Most Inspiring Entrepreneurs to Follow in 2024.pdf
The Most Inspiring Entrepreneurs to Follow in 2024.pdfThe Most Inspiring Entrepreneurs to Follow in 2024.pdf
The Most Inspiring Entrepreneurs to Follow in 2024.pdf
thesiliconleaders
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Neil Horowitz
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
sssourabhsharma
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
Alexandra Fulford
 
Top 10 Free Accounting and Bookkeeping Apps for Small Businesses
Top 10 Free Accounting and Bookkeeping Apps for Small BusinessesTop 10 Free Accounting and Bookkeeping Apps for Small Businesses
Top 10 Free Accounting and Bookkeeping Apps for Small Businesses
YourLegal Accounting
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
Lacey Max
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
46adnanshahzad
 

Recently uploaded (20)

Digital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital ExcellenceDigital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital Excellence
 
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
 
Profiles of Iconic Fashion Personalities.pdf
Profiles of Iconic Fashion Personalities.pdfProfiles of Iconic Fashion Personalities.pdf
Profiles of Iconic Fashion Personalities.pdf
 
The latest Heat Pump Manual from Newentide
The latest Heat Pump Manual from NewentideThe latest Heat Pump Manual from Newentide
The latest Heat Pump Manual from Newentide
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
Pitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deckPitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deck
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
 
Registered-Establishment-List-in-Uttarakhand-pdf.pdf
Registered-Establishment-List-in-Uttarakhand-pdf.pdfRegistered-Establishment-List-in-Uttarakhand-pdf.pdf
Registered-Establishment-List-in-Uttarakhand-pdf.pdf
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
 
The Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb PlatformThe Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb Platform
 
The Most Inspiring Entrepreneurs to Follow in 2024.pdf
The Most Inspiring Entrepreneurs to Follow in 2024.pdfThe Most Inspiring Entrepreneurs to Follow in 2024.pdf
The Most Inspiring Entrepreneurs to Follow in 2024.pdf
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
 
Top 10 Free Accounting and Bookkeeping Apps for Small Businesses
Top 10 Free Accounting and Bookkeeping Apps for Small BusinessesTop 10 Free Accounting and Bookkeeping Apps for Small Businesses
Top 10 Free Accounting and Bookkeeping Apps for Small Businesses
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
 

SQL INJECTION ATTACKS.pptx

  • 1. LOYOLA – ICAM COLLEGE OF ENGINEERING AND TECHNOLOGY (LICET) Loyola College Campus, Nungambakkam , Chennai – 34 AVOIDING VULNERABILITY IN DATAADMITTANCE OF WEB APPLICATIONS BASED ON ENCRYPTION TECHNIQUES Done by Guide L.DIVYA [32810104013] Mr L REMEGIUS PRAVEEN SAHAYARAJ V.PAVITHRA [32810104042] P.SHANTHI PRIYA [32810104054] Area Of Reasearch: Database Security
  • 2. INTRODUCTION • Area Of Research: Database Security • A less secure Web application design may allow crafted injection and malicious update on the backend database. This trend can cause lots of damages and thefts of trusted users sensitive data by unauthorized users • Motivation of this Research 1. Encryption & hashing will provide more security in database. 2. SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique. • Web Application is a Three Tier Architecture with Client, Server & DataBase. •
  • 3. AGENDA • Abstract. • Existing system. • Proposed system and its limitations. • System Architecture and its advantages. • Screenshots. • Conclusion. • References.
  • 4. ABSTRACT Web applications are steadily increasing in our daily routines activities and continue to integrate them. Online Banking, On-line reservations, on-line shopping expect these web applications to be secure and reliable the terror of SQL– Injection Attacks has become increasingly frequent and serious. SQL Injection Attacks are one of the topmost threats for web application security. Using SQL Injection attackers can leak confidential information: such as credit card numbers, ATM pins, User credentials from web applications and even corrupt the database. In this paper, some predefined methods are discussed and integrated approach of encryption method with secure hashing is applied in the database to avoid attack on each and every phase.
  • 5. EXISTING SYSTEM • Tame-card detection and prevention • Functionality of temporary authentication • Vulnerability detection -Static analysis -Dynamic analysis • Predefined method and hybrid encryption methods applied • Hash value approach with SQLIPA prototype • Runtime attack prevention - Client side prevention - Server side prevention
  • 6. LIMITATIONS • SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. • Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.
  • 7. Literature survey Title Work done Inference Detection of SQL Injection Attack and Various Prevention Strategies. This paper presents a security methods we are able to reduce the total number of alerts from four to zero alert by scanning the website using vulnerability tool. SQL Injection attack occurs due to vulnerabilities present in the website that allows the hacker to by passes the SQL statements and hence enters into the database queries directly. SQL Injection is the first step in entry to exploiting or hacking any website available on internet. Got Clear Idea about Attacks and this algorithm is like mutation based so it takes plenty of time to identify the attacks Protection of Web Application againstSql Injection Attacks In this paper, various types of SQL injection attacks as well as predefined prevention methods are discussed. Then the hybrid encryption method is used which includes AES encryption and Rabin’s cryptosystem. The reason behind the use of two layer of encryption is that it will be more secured. SQL query is generated and encrypted by Rabin’s cryptosystem because even if hackers hack the information and decode the AES encryption part, it will still be more difficult for them to know about the encrypted query Add some more security to databases to avoid SQL injection attack.
  • 8. Cont.. SQL INJECTION Attacks in Web Application In this paper, we have presented the rst formal definition of command injection attacks in web applications. Based on this definition, we have developed a sound and complete runtime checking algorithm for preventing command injection attacks and produced a working implementation of the algorithm. SQLCIAs precisely and incurred low runtime overhead. Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA This paper also contains strengths and weaknesses of various SQL injection attacks. At last we also proposed the scheme to handle the SQLIA and strong enough to prevent them. The use of internet increases day by day. As the number of computer users increases, the number reported cases of cybercrime increases. While, on the other side, the organization increases the use of office automation software & services, that helps them to maintain the confidential information with less efforts. A new approach that is completely based on the hash method of using the SQL queries in the web-based environment, which is much secure and provide the prevention from the attackers SQL.
  • 9. PROPOSED SYSTEM • AES encryption and combined approach of secure hashing on encryption. • By applying encryption technique, database attacks can be prevented. Encryption of data basically helps to change the data into a form that is not readable. Without the correct key, this format can’t be deciphered even if attacker hacks the information. Application of encryption in login phase makes it difficult for unauthorized users to access the database.
  • 10. ADVANTAGES • Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. • Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. • Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. • Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
  • 11. OVERALL SYSTEM ARCHITECTURE Username Password Encrypted AES Code AES SHA1 SHA(AES) Username & Password Registration Encrypted string of Username & Password Data Base Access Permitted Value check in DB No Access SQL Injection Attack Authentication Schemes Login Interface
  • 12. OVERALL SYSTEM ARCHITECTURE • SQL injection attacks are nothing but injecting malicious queries by the hackers into the application projected queries to get the desired outputs from the database. SQL Injection allows an attacker to create, read, update, modify, or delete data stored in the back-end database. • While Typing SQL keywords and control signs an intruder is able to modify the structure of SQL query developed by a Web designer. • SQL Injection attacks can take place when a web application utilizes user-supplied data without proper validation or encoding as part of a command or query
  • 13. RESULTS Registering the username and password in the login page Username and Password stored in the login table
  • 14. Unprotected login page Protected Login
  • 16. CONCLUSION • SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique and as we know hashed codes is a one way encryption technique thus it is not possible to decode it. This proposed integrated approach is an effort to add some more security measures to databases to avoid SQL injection attack. • The web-application code perfectly contains a policy that allows distinguishing lawful and malicious queries. • This area is in need of more research, mainly because of various reasons: SQL injection attacks are most probable to change and new vulnerabilities will be found, collectively with new countermeasures to deal with them. As many hacking sites are existing on the web, and since attack methods are well described and circulated between hackers, we believe that information about new attack methods must be constantly surveyed and new counter measures should be developed. • So, in future, a new technique can be developed so that it is capable for other varieties of SQL Injection Attacks also. Due to which, this technique will be able to prevent SQL Injection Attack totally.
  • 17. REFERENCES [1] Priyanka, Vijay Kumar Bohat, (April 2013) ’Detection of SQL Injection Attack and Various Prevention Strategies’, International Journaand Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-2, Issue-4. [2] Sonam Panda, 1 Ramani S2,(Jan-Feb.2013),’Protection of Web Application against Sql Injection Attacks ‘, International Journal of Modern Engineering Research (IJMER) Vol.3, Issue.1, pp-166-168 ISSN: 2249-6645. [3] Mihir Gandhi, JwalantBaria,( January 2013)’SQL INJECTION Attacks in Web Application’International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-6. [4] By Mayank Namdev*, Fehreen Hasan, Gaurav Shrivastav(July 2012) ‘Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA”Volume 2, Issue 7. [5] Shubham Srivastava1, Rajeev Ranjan Kumar Tripathi, ‘Attacks Dueto SQL Injection & Their Prevention Method for Web-Application (IJCSIT) International Journal of Computer Science and InformationTechnologies, Vol. 3 (2) , 2012,3615-3618. [6] Indrani Balasundaram, E.Ramaraj,’An Authentication Scheme forPreventing SQL injection Attack using Hybrid Encryption’ (ISSN 1450-216,2011, Vol.53,pp.359-368. [7] AtefehTajpour et al. ‘Evaluation of SQL Injection Detetion andPrevention Techniques’ Second International Conference onComputational Intelligence, 2010. [8] Shaukat Ali, Azhar Rauf, Huma Javed,’SQLIPA: An Authentication Mechanism Against SQL Injection’, European Journal of Scientific Research ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611. [9] Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour,( September 2013) ‘Study of SQL Injection Attacks and Countermeasures’, International Journal of Computer and Communication Engineering, Vol. 2, No. 5. [10] W. G. Halfond, J. Viegas, and A. Orso , ‘A Classification of SQLInjection Attacks and Countermeasures,’ in Proc. the International Symposium on Secure Software Engineering 2006.