An SQL injection attack occurs through the insertion and execution of malicious SQL statements in the entry fields of data-driven applications. It exploits security-related vulnerabilities in the software of an application.
Table of Contents
• Database
• SQL
• RDBMS
• Uses of SQL
• Applications of SQL
• SQL Commands
• SQL Injection
• SQL Injection’s Categories
• SQL Injection Attack’s Impact
• Examples of SQL Injection
DATABASE
• Any structured information or data that is in the form of an organized collection and typically stored electronically is referred to as a database. A database management system (DBMS) usually controls a database. The data and the database management system, along with the associated applications, are known as the database system. The data in most databases is modelled in a way that makes it easy to process and makes data querying efficient.
• The data in a database can be accessed, managed, modified, updated, controlled and organized easily and efficiently. SQL (Structured Query Language) is used by most databases for the purpose of writing and querying data.
• To digress, the data of websites is stored on the web servers of web hosting companies. The best web hosts are often referred to as the “Best Windows Hosting Company” or as the “Best Linux Hosting Company” or as the “Top Cloud Hosting Company”.
SQL
• SQL is the abbreviation for Structured Query Language. Almost all relational databases use the programming language SQL for querying, manipulating and defining data, and for providing access control. Although SQL is an ANSI/ISO standard, there are various versions of the language.
RDBMS
• RDBMS is the abbreviation for Relational Database Management System. It is a database in which data is stored in tables, so that the data can be used in relation to other stored datasets. Most of the databases that are used by businesses are relational databases. RDBMS serves as the basis for SQL as well as for all modern database systems.
Uses of SQL
• The uses of SQL are mentioned below. These uses shed light on the operations that are performed with regard to a database.
• A new database can be created with SQL
• New data can be inserted in the database
• Previous data can be modified or updated
• Data can be retrieved from the database
• Data can be deleted
• A new table can be created in a database and it can be dropped as well
• Permissions can be set for tables, procedures and views
• Functions, views and stored procedures can be created
Applications of SQL
• A few of the applications of SQL are mentioned below.
• SQL functions as a Data Definition Language (DDL). Hence, it can be used to create a database on its own and to define its structure.
• It is a Data Control Language (DCL) that is used to determine how a database is protected against corruption and misuse.
• SQL acts as a Data Manipulation Language (DML). This helps to maintain a database that already exists.
• It is used widely as a client/server language.
• It can be used in the three-tier design that characterizes the Internet architecture.
SQL Commands
• SQL commands can be divided into 3 categories according to the work they do. These are mentioned below.
• Data Definition Language (DDL): DDL has three parts, which are create, alter and drop. Create is used to create a new object in a database. Alter is used for modifying objects in a database. Drop is used to delete an object.
• Data Manipulation Language (DML): DML has 4 parts, which are select, insert, update and delete. Select is used to retrieve one or more records. A new record can be entered by using Insert. Update is used to modify a record. By using Delete, a record can be deleted.
• Data Control Language (DCL): DCL has 2 parts, which are grant and revoke. Grant gives permission to users. Revoke is used to take permission away.
SQL Injection
• SQL injection refers to a code injection technique in which malicious code is inserted into SQL statements through web page input. It is used to attack data-driven applications by inserting malicious SQL statements into an entry field for execution. It is used frequently as a web hacking technique. In it, arbitrary SQL commands are inserted into the queries that a web application makes to its database.
• SQL injection exploits a security vulnerability in an application’s software. It is known as an attack vector for websites, but it can be used to attack any type of SQL database. With the aid of SQL injection, attackers can spoof identity as well as tamper with existing data. It can also be used to cause repudiation issues.
SQL Injection’s Categories
• There are 3 major categories of SQL injection, which are mentioned below.
• In-band SQLi: It takes place when an attacker uses a single communication channel to launch an attack and gather results.
• Inferential SQLi: In it an attacker can reconstruct the database structure. This is done by sending payloads and observing the response of the web application and the database server’s resulting behavior.
• Out-of-band SQLi: It occurs in the event that an attacker is unable to make use of the same channel for launching an attack and gathering the results.
SQL Injection Attack’s Impact
• A successful SQL injection attack leads to the following:
• Unauthorized access to sensitive data
• Damage to reputation
• Regulatory fines
Examples of SQL Injection
• The most common examples of SQL injection are mentioned below.
• Retrieving hidden data: In it an SQL query can be modified to return additional results.
• Subverting application logic: In it a query can be changed to interfere with the application's logic.
• UNION attacks: It retrieves data from various database tables.
• Examining the database: Information related to the version and structure of a database can be extracted.
• Blind SQL injection: In it the results of a query that is being controlled are not returned in the responses of the application.
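The "retrieving hidden data" case above, shown next to its fix, as an added example that is not part of the original slides. It uses Python's built-in sqlite3 module; the table, column names, function names and the crafted input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory catalogue; rows with released = 0 are meant to stay hidden."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Mug", "Gifts", 1), ("Card", "Gifts", 1),
         ("Prototype", "Gifts", 0), ("Router", "Tech", 1)],
    )
    return conn

def find_products_vulnerable(conn, category):
    # The input is pasted into the SQL text, so it can change the statement itself.
    sql = ("SELECT name FROM products WHERE category = '" + category +
           "' AND released = 1 ORDER BY name")
    return [row[0] for row in conn.execute(sql)]

def find_products_safe(conn, category):
    # The ? placeholder sends the input as a bound value, never as SQL text.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1 ORDER BY name"
    return [row[0] for row in conn.execute(sql, (category,))]

# Constructed input: closes the string literal, adds an always-true condition,
# and comments out the "released = 1" filter that follows it.
CRAFTED = "Gifts' OR 1=1 --"

if __name__ == "__main__":
    conn = make_db()
    print("normal input, concatenated query: ", find_products_vulnerable(conn, "Gifts"))
    print("crafted input, concatenated query:", find_products_vulnerable(conn, CRAFTED))
    print("crafted input, bound parameter:   ", find_products_safe(conn, CRAFTED))
```

With the concatenated query, the crafted input returns every row, including the unreleased one; with the bound parameter it is compared as an ordinary category name and matches nothing.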
Thanks! ANY QUESTIONS? You can find me at: www.htshosting.org support@htshosting.org