The document discusses web application security and SQL injections. It defines a web application as any application served via HTTP/HTTPS from a remote server. Web applications often collect sensitive personal data, so security is important to protect privacy and limit legal liability. Hackers can exploit vulnerabilities like SQL injections to access unauthorized data. The document outlines common SQL injection techniques, like modifying queries with additional commands or UNION operators, and recommends best practices like parameterized queries and input validation to prevent SQL injections.
In this presentation I covered almost all the basic details about SQL Injection, so you can get the best knowledge about SQL Injection (SQLi).
This presentation contains animation, so try it out on a PC.
SQL injection attack is the most common and most difficult attack to handle nowadays. There are five types of SQL injection attack. In this paper the details of SQL injection are mentioned.
2. What is a web-application?
Any application that is commonly served via the HTTP or HTTPS protocol, usually from a remote computer acting as the host or server.
3. Why is Web Application Security Important?
Web applications are used to perform most major tasks or website functions. They include forms that collect personal, classified and confidential information such as medical history, credit and bank account information, as well as user satisfaction feedback.
If your organization is legally bound by legislation to protect the privacy and security of personally identifiable information, and hackers can get at this sensitive information, you run the risk of being found guilty of non-compliance.
Almost 75 percent of attacks are tunneling through web applications.
The consequences of a security breach are great: loss of revenues, damage to credibility, legal liability and loss of customer trust.
4. On average, there are anywhere from 5 to 15 defects per 1,000 lines of code.
A 5-year Pentagon study concluded that it takes an average of 75 minutes to track down one defect. Fixing one of these defects takes 2 to 9 hours each. That translates to 150 hours, or roughly $30,000, to clean every 1,000 lines of code.
• Researching each of the 4,200 vulnerabilities published by CERT for just 10 minutes would have required 1 staffer to research for 17.5 full workweeks, or 700 hours.
Gartner Group estimates that a company with 1,000 servers can spend $300,000 to test and deploy a patch; most companies deploy several patches a week.
5. How Hackers Get In?
Browser-based attacks use flaws in the web-based application code. Software most vulnerable to these types of attacks includes:
User interface code -- provides the look and feel of the site.
Web server -- supports the physical communication between the user's browser and the web applications.
Front-end applications -- interface directly with the user interface code and with back-end systems.
6. Common Vulnerabilities
Hack attack                  What hackers use it for
Cookie Poisoning             Identity theft / Session hijack
Hidden Field Manipulation    eShoplifting
Parameter Tampering          Fraud
Buffer Overflow              Denial of Service / Closure of business
Cross-Site Scripting         Hijacking / Identity theft
Backdoor and Debug Options   Trespassing
Forceful Browsing            Breaking and entering
HTTP Response Splitting      Phishing, Identity theft and eGraffiti
Known Vulnerabilities        Taking control of the site
SQL Injection                Manipulation of DB information
Broken Authentication        Login without authentication / Trespassing
Information leakage          Trespassing
8. What is SQL injection?
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed.
A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata.
The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.
9. Exploiting a Basic Vulnerability
Consider a web application deployed by a book retailer that enables users to search books based on author, publisher, etc.
Now when the user searches for all the books published by Wiley, the application performs the following query:
SELECT * FROM books WHERE publisher = 'WILEY';
The first part of this query (SELECT * FROM books WHERE publisher =) comprises the SQL keywords and the names of tables and columns within the database; all of this was written by the programmer. The quoted part ('WILEY') is the item of DATA supplied by the USER. String data should always be encapsulated within ' ' in SQL queries.
10. Now consider the following query when the user searches for O'Reilly:
SELECT * FROM books WHERE publisher = 'O'Reilly';
In this case the interpreter would generate an error, since Reilly' is not valid SQL syntax: the apostrophe inside the user's data has closed the string literal early, and whatever follows is parsed as SQL rather than as data.
Hence when an application behaves in such a manner, it is wide open to SQL injection.
11. Injecting Into Different Statement Types
SELECT statement
SELECT statements are used to retrieve information from the database.
The entry point of SQL injection attacks is normally the WHERE clause of the query, in which the user-supplied data is passed to the database to control the scope of the query result.
Since the WHERE clause is usually the final component of the query, the attacker can use the comment symbol (--) to truncate the query after his input without invalidating any syntax.
12. SELECT * FROM register WHERE uname='' OR 1=1-- ' && pword='abc123'
User input (uname field): ' OR 1=1--
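The following is an added example, not code from the deck: it reproduces the book-search query of slides 9 to 12 against a constructed in-memory SQLite table, once with the user's value spliced into the SQL text (the deck's pattern) and once with a bound parameter. The table, its rows and the function names are assumptions made for the example. Run it and the three symptoms line up with the slides: the concatenated query fails on O'Reilly, returns every row for ' OR 1=1--, and the parameterized query treats both values as plain data.

```python
import sqlite3

# Constructed sample rows standing in for the retailer's books table (not the deck's data).
BOOKS = [
    ("SQL Antipatterns", "Pragmatic"),
    ("Learning SQL", "O'Reilly"),
    ("Database Internals", "O'Reilly"),
    ("SQL for Dummies", "WILEY"),
]


def make_db():
    """Fresh in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (title TEXT, publisher TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?)", BOOKS)
    conn.commit()
    return conn


def search_concatenated(conn, publisher):
    """The deck's pattern: user data is pasted straight into the SQL string.
    Returns the matching titles, or None when the database rejects the query
    (the O'Reilly symptom of slide 10: the apostrophe ends the literal early)."""
    sql = "SELECT title FROM books WHERE publisher = '" + publisher + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        return None


def search_parameterized(conn, publisher):
    """Hardened form: the SQL text is fixed and the value is bound separately,
    so quotes and comment markers inside it are just characters of the value."""
    sql = "SELECT title FROM books WHERE publisher = ?"
    return [row[0] for row in conn.execute(sql, (publisher,))]


if __name__ == "__main__":
    db = make_db()
    for value in ["WILEY", "O'Reilly", "' OR 1=1--"]:
        print(repr(value), "concatenated  ->", search_concatenated(db, value))
        print(repr(value), "parameterized ->", search_parameterized(db, value))
```

The parameterized version also answers the O'Reilly search correctly, which shows that the fix is not about rejecting apostrophes but about never letting data be parsed as SQL; the same property makes the input from slide 12 return nothing instead of the whole table.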
14. INSERT statement
INSERT statements are used to create a new row of data within a table.
INSERT INTO users(uname,password,id,priv) VALUES ('daf','secret',2241,1)
If the username or password fields are vulnerable to SQL injection, the attacker can insert arbitrary values into the database, assign admin privileges to himself, etc.
In the case of a completely blind attack, the attacker may not know in advance the number and type of fields, so he can keep adding additional fields to VALUES until the desired account is created.
15. UPDATE statement
UPDATE statements are used to modify one or more existing rows of data within a table.
These are used in functions where the user modifies his existing information, e.g. changing contact information, changing password, etc.
It works in a similar way to the INSERT statement, except that it has a WHERE clause to tell the database which rows to update.
UPDATE users SET password='newsecret' WHERE user = 'marcus' and password = 'secret'
If the function is vulnerable to SQL injection, the attacker can bypass the existing password check and change the password for the admin by entering the query as:
16. UPDATE users SET password='newsecret' WHERE user = 'admin'-- and password = 'secret'
This way the password part is ignored.
If the attacker uses admin' OR 1=1 -- then the query becomes:
UPDATE users SET password='newsecret' WHERE user = 'admin' OR 1=1 -- and password = 'secret'
In this case the password of every user is reset to newsecret.
17. DELETE statement:
The DELETE statement is used to delete rows from the specified
table.
Here too the WHERE clause is used to specify which
rows to delete, so changes to the WHERE clause can have
far-reaching effects on the database.
"SELECT * FROM customers WHERE username ='$name'";
In the above query $name is provided by the user, so when
executed it will display the row whose username matches the
one provided by the user.
18. SELECT * FROM customers WHERE username ='anu'
User input: anu
19. If the user enters a malicious input, the query
becomes:
SELECT * FROM CUSTOMER WHERE name='';DELETE FROM customer WHERE 1=1-- '
User input: ';DELETE FROM CUSTOMER WHERE 1=1 --
20. The UNION Operator
The UNION operator is used to combine the results of two or
more SELECT statements into a single result set.
If there exists a SQL injection vulnerability in the SELECT
statement, the attacker can use the UNION operator to
perform another query and combine its result with the first
one.
SELECT * FROM customer WHERE name = '$name'
This would return the original result.
21. SELECT * FROM customer WHERE name = 'anu' UNION SELECT id,name FROM product-- '
User input: ' UNION SELECT id,name FROM product--
22. This shows all the rows of the customer table along with the data from the
product table:
23. NOTE:
When the results of two queries are combined using the
UNION operator, the two result sets must have the same
structure (the same number of columns, with compatible types).
SELECT name FROM CUSTOMER WHERE name='' UNION
SELECT id,name FROM product-- ''
MySQL error: The used SELECT statements have a different number of
columns
Also the attacker would need to know the name of the target
database table along with its relevant column names.
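The column-count rule stated in the NOTE, exercised directly against a database. This is an added example, not part of the deck; it uses Python's sqlite3 module instead of MySQL (the wording of the error differs, the rule does not), and the customer and product tables are constructed here.

```python
import sqlite3

def make_db():
    """Constructed stand-ins for the deck's customer and product tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER, name TEXT)")
    conn.execute("CREATE TABLE product (id INTEGER, name TEXT, price REAL)")
    conn.execute("INSERT INTO customer VALUES (1, 'anu')")
    conn.executemany("INSERT INTO product VALUES (?, ?, ?)",
                     [(10, "pen", 1.5), (11, "ink", 3.0)])
    return conn

def union_result(conn, left_cols, right_cols):
    """Combine a SELECT over customer with a SELECT over product via UNION.
    Returns (rows, error): rows when the column lists line up, otherwise an
    empty list and the database's error text, so the mismatch is observable."""
    sql = f"SELECT {left_cols} FROM customer UNION SELECT {right_cols} FROM product"
    try:
        return sorted(conn.execute(sql).fetchall()), None
    except sqlite3.Error as exc:
        return [], str(exc)

if __name__ == "__main__":
    db = make_db()
    # one column on the left, two on the right: rejected by the database
    print(union_result(db, "name", "id,name"))
    # matching structure: rows of both tables in one result set
    print(union_result(db, "id,name", "id,name"))
```

The first call fails before any row is read, which is exactly why the NOTE says the two result sets must share a structure; the second call returns the customer row followed by the product rows as a single result set.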
24. Preventing SQL Injections
Partially effective measures:
◦ Because single quotation marks play an important role
in SQL injection, a common approach is to escape
any user-entered single quotation mark by doubling
it up.
This method proves ineffective when numeric data is
being embedded into SQL queries, because numeric values are
not enclosed in quotes in the first place.
It also fails against second-order injection, where data that has been
stored using an INSERT query is later used unescaped in another SQL
query.
◦ Using custom stored procedures can also help provide
security.
But using them does not guarantee protection against SQL injection,
since a procedure can itself contain SQL injection
vulnerabilities within its code,
and the procedure may be invoked in an unsafe way using
user-supplied input.
25. Parameterized Queries:
The construction of queries involving user
input is performed in two steps:
◦ The application specifies the structure of the query, leaving
placeholders for each user input.
◦ The application specifies values for the placeholders.
26. Example:
<?php
$mysqli = new mysqli("server", "username", "password", "database_name");
// mysqli is a class representing the connection between PHP and MySQL
$unsafe_variable = $_POST["user-input"];
$stmt = $mysqli->prepare("INSERT INTO table (column) VALUES (?)");
// prepare() sends the statement structure to the server; ? is the placeholder
$stmt->bind_param("s", $unsafe_variable);
// "s" tells the driver the bound value is a string
$stmt->execute();
$stmt->close();
$mysqli->close();
// close the statement and the database connection
?>
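The quote-doubling measure from slide 24 and the parameterized query from slides 25-26, side by side on the deck's books table. This is an added example, not code from the deck; it uses Python's sqlite3 module instead of PHP and MySQL, and the books rows are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the deck's books table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (id INTEGER, title TEXT, publisher TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", [
        (1, "Book A", "WILEY"), (2, "Book B", "O'Reilly"), (3, "Book C", "WILEY")])
    return conn

def escape_quotes(value):
    """The 'partially effective' measure: double up every single quote."""
    return value.replace("'", "''")

def by_publisher_escaped(conn, publisher):
    """String context: the value sits inside quotes, so doubling works here
    (it also fixes the O'Reilly error from slide 10)."""
    sql = f"SELECT title FROM books WHERE publisher = '{escape_quotes(publisher)}'"
    return [r[0] for r in conn.execute(sql)]

def by_id_escaped(conn, book_id):
    """Numeric context: no quotes surround the value, so there is nothing for
    quote-doubling to protect and the input is spliced into the SQL as-is."""
    sql = f"SELECT title FROM books WHERE id = {escape_quotes(str(book_id))}"
    return [r[0] for r in conn.execute(sql)]

def by_id_param(conn, book_id):
    """Parameterized form: validate the type first, then bind the value.
    Returns None when the input is not a number (rejected, not executed)."""
    try:
        value = int(book_id)
    except (TypeError, ValueError):
        return None
    sql = "SELECT title FROM books WHERE id = ?"
    return [r[0] for r in conn.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    print("O'Reilly, escaped:   ", by_publisher_escaped(db, "O'Reilly"))
    print("id 2, escaped:       ", by_id_escaped(db, 2))
    print("'2 OR 1=1', escaped: ", by_id_escaped(db, "2 OR 1=1"))
    print("'2 OR 1=1', param:   ", by_id_param(db, "2 OR 1=1"))
```

The escaped string lookup behaves correctly, including for the O'Reilly case. The escaped numeric lookup returns every book for the input `2 OR 1=1`, which is the weakness the slide describes; the parameterized version refuses that input because it is not an integer, and binds a genuine integer without ever splicing text into the query.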
27. Configuring the PHP Environment:
There are various configuration options in the php.ini file that
can affect the application's security, such as:
◦ Register Globals: If the register_globals option is enabled then
PHP creates global variables for all the request parameters.
Since they are not required to be initialized before use, they
can cause security issues. It has been removed entirely
from PHP 6.
◦ Safe Mode: If the safe_mode option is enabled then PHP places
restrictions on the use of some functions. For example, the
shell_exec function is disabled since it can be used to
execute OS commands, and the additional_parameters
parameter of the mail function is disabled as it can lead to
SMTP injection flaws, etc.
28. ◦ Magic Quotes: If the magic_quotes_gpc option is enabled then
single quote, double quote, backslash and NULL characters
are automatically escaped with a backslash. If the
magic_quotes_sybase option is enabled then single quotes
are escaped by doubling them instead.
Magic quotes can alter user data that does not
need escaping, so the slashes then need to be removed using the
stripslashes function. Magic quotes have been removed
from PHP 6.
addslashes
You can also perform your own escaping of the required
input parameters by passing them through the addslashes
function, only where required. When using addslashes, if
magic quotes are enabled then this leads to double
escaping (i.e. double backslashes), which is interpreted as a literal
backslash, leaving the user input unescaped.
29. mysql_real_escape_string():
It calls the MySQL client library function mysql_real_escape_string,
which prepends a backslash to each of the following characters:
\x00, \n, \r, \, ', " and \x1a.
30. Recent attacks using SQL injections
On February 5, 2011 HBGary, a technology security firm, was
broken into by Anonymous using a SQL injection in their
CMS-driven website.
On March 27, 2011 mysql.com, the official homepage
for MySQL, was compromised by TinKode using blind SQL
injection.
On June 27, 2011, Lady Gaga's website was hacked by a
group of US cyber attackers called SwagSec, and thousands of
her fans' personal details were stolen from her website.
In October 2011, a Malaysian hacker managed to extract data
from www.canon.com.cn by exploiting a vulnerability he came
across. He reported the vulnerability to the company himself
within minutes, claiming to have used SQL injection.