KEMBAR78
Data base security and injection | PPTX
A. Shamel, profile picture
Uploaded byA. Shamel
PPTX, PDF1,147 views

Data base security and injection

Database security involves protecting a database from both intentional and accidental threats. There are three main aspects of database security: secrecy, ensuring only authorized users can access data; integrity, ensuring data is not altered improperly; and availability, ensuring authorized users can access data when needed. One major threat is input injection attacks, such as SQL injection, where malicious SQL commands are injected into database queries, compromising security. Countermeasures include authorization, authentication, backups, encryption, and RAID technology to protect data and ensure continuous access.

Downloaded 38 times
Database security injection and other attacks Ahmed shamel supervised by: Dr. shimaa hameed
Introduction
What Is Database Security?  Database It is a collection of information stored in a computer.  Security It is being free from danger.  Database Security It is the mechanisms that protect the database against intentional or accidental threats.
Three Main Aspects What data base need? Secrecy Integrity Availability
Secrecy It is protecting the database from unauthorized users. Ensures that users are allowed to do the things they are trying to do. For examples, The employees should not see the salaries of their managers.
Only authorized users should be allowed to modify data. Ensures that what users are trying to do is correct. For examples, An employee should be able to modify his or her own information. Integrity
Authorized users should be able to access data at any time they need for Legal purposes as necessary For examples, Payment orders regarding taxes should be made on time by the tax law. Availability
Threat Threat is any intentional or accidental event that may adversely affect the system.  Examples of threats: - Using another person’s log-in name to access data. - Unauthorized copying data. - Program/Data alteration. - Illegal entry by hacker - Viruses
Kinds of Threat 1. Non-fraudulent Threat  Natural or accidental disasters.  Errors or bugs in hardware or software.  Human errors. 2. fraudulent Threat Exploitation of Vulnerable . Input Injection (Formerly SQL Injection) .
Input Injection (Formerly SQL Injection)  SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.  Injected SQL commands can alter SQL statement and compromise the security of a web application.
 There are two major types of database injection attacks : 1) SQL Injection that targets traditional database systems . 2) NoSQL (stands for not only SQL( Injection that targets Big Data platforms. SQL Injection attacks usually involve inserting (or “injecting”) unauthorized or malicious statements into the input fields of web applications. On the other hand, NoSQL injection attacks involve inserting malicious statements into Big Data components . In both types, a successful Input Injection attack can give an attacker unrestricted access to an entire database.
Legal access by user name password Big websites usually use a variety of databases, because different databases serve different purposes.
How the Injection (Statements ) work?  the web application is literally asking the database server: ((do we have a user with the username 'Ahmed' and the password 'AAAA' registered in the system? ))
 the Sql Syntax is broken and an error occurs.  This plays a key role in Sql injection
if an attacker is able to "smuggle " special character (which is not filtered by web application) It is possible to modify the Sql queries, their logic and hence the application's behavior.
checking the web design if it pass special character to database queries
What happen if we pass this command throw the web application
What in fact happen inside the Database The statement which always true 1=1
The attacker is successfully authenticated as the first user from the top of the list (the first row) for ex:
Threat Countermeasures Computer-Based Controls: - Authorization - Authenticating - Backup and Recovery - view - Encryption - RAID Technology
 Authorization The granting of a privilege that enable a user to have legitimate access to a system.  Authenticating A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.  Backup & Recovery Is the process of periodically taking a copy of the database and log file onto offline storage media.
 View hiding parts of the database from certain users that provides a powerful and flexible security mechanism.  Redundant Array of Independent Disks (RAID) The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
Data base security and injection

More Related Content

PPTX
Security vulnerability
byA. Shamel
 
PPT
Database Security
byalraee
 
PPTX
System security
byReachLocal Services India
 
PPTX
System Security-Chapter 1
byVamsee Krishna Kiran
 
PPTX
Database security
byafzaalkhalid1
 
PPTX
Database security
byZubair Rahim
 
PPT
Security Software
bybennybigbang
 
PPTX
Database Security Management
byAhsin Yousaf
 
Security vulnerability
byA. Shamel
 
Database Security
byalraee
 
System security
byReachLocal Services India
 
System Security-Chapter 1
byVamsee Krishna Kiran
 
Database security
byafzaalkhalid1
 
Database security
byZubair Rahim
 
Security Software
bybennybigbang
 
Database Security Management
byAhsin Yousaf
 

What's hot

PPTX
Information security ist lecture
byZara Nawaz
 
PPTX
Database security
byMaryamAsghar9
 
PPTX
Data security
bySoumen Mondal
 
PPTX
Client server network threat
byRaj vardhan
 
PPT
Security and information assurance
bybdemchak
 
DOCX
Database Security Concepts | Introduction to Database Security
byRaj vardhan
 
PPT
Security testing
bybaskar p
 
PPT
Database Security
byRabiaIftikhar10
 
PPT
OS Database Security Chapter 6
byAfiqEfendy Zaen
 
PPTX
System security
bysommerville-videos
 
PPTX
information security(authentication application, Authentication and Access Co...
byZara Nawaz
 
PPTX
Unit4 next
byIntegral university, India
 
PPTX
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
PPT
1 security goals
bydrewz lin
 
PPTX
Cryptography and Network Security # Lecture 2
byKabul Education University
 
PPTX
System Security
byReddhi Basu
 
PDF
Fighting The Top 7 Threats to Cloud Cybersecurity
byDavid Zaizar
 
PDF
Security Testing for Test Professionals
byTechWell
 
PPTX
Protection and security
bymbadhi
 
PDF
Best Practices for implementing Database Security Comprehensive Database Secu...
byKal BO
 
Information security ist lecture
byZara Nawaz
 
Database security
byMaryamAsghar9
 
Data security
bySoumen Mondal
 
Client server network threat
byRaj vardhan
 
Security and information assurance
bybdemchak
 
Database Security Concepts | Introduction to Database Security
byRaj vardhan
 
Security testing
bybaskar p
 
Database Security
byRabiaIftikhar10
 
OS Database Security Chapter 6
byAfiqEfendy Zaen
 
System security
bysommerville-videos
 
information security(authentication application, Authentication and Access Co...
byZara Nawaz
 
Unit4 next
byIntegral university, India
 
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
1 security goals
bydrewz lin
 
Cryptography and Network Security # Lecture 2
byKabul Education University
 
System Security
byReddhi Basu
 
Fighting The Top 7 Threats to Cloud Cybersecurity
byDavid Zaizar
 
Security Testing for Test Professionals
byTechWell
 
Protection and security
bymbadhi
 
Best Practices for implementing Database Security Comprehensive Database Secu...
byKal BO
 

Viewers also liked

PPTX
Arithmatic pipline
byA. Shamel
 
PPTX
Malicion software
byA. Shamel
 
PPT
Data base security
bySara Nazir
 
PDF
2010 db security
byWayne Evans
 
PPTX
GSM & CDMA & OFDM
byA. Shamel
 
PPT
Analog communication
byA. Shamel
 
PPTX
Adaptive filter
byA. Shamel
 
PPTX
wireless sensor network
byA. Shamel
 
PPTX
Understanding Database Encryption & Protecting Against the Insider Threat wit...
byMongoDB
 
PPTX
Microcontroller 8051
byPatruni Chidananda Sastry
 
PPTX
8051 ram org
bysindhu sindhu
 
PPTX
Oracle Key Vault Overview
byTroy Kitch
 
PPT
Architecture of tms320 f2812
byPantech ProLabs India Pvt Ltd
 
PPTX
Dsp lab seminar
byP V Krishna Mohan Gupta
 
PPTX
8051 presentation
byShivashankar Sawalgi
 
PPTX
8051 timer counter
byvishalgohel12195
 
PPT
Introduction to tms320c6745 dsp
byPantech ProLabs India Pvt Ltd
 
PPT
Floating point units
bydipugovind
 
PPT
Registration System for Training Program in STC
byalraee
 
PDF
8051 serial communication
byasteriskbimal
 
Arithmatic pipline
byA. Shamel
 
Malicion software
byA. Shamel
 
Data base security
bySara Nazir
 
2010 db security
byWayne Evans
 
GSM & CDMA & OFDM
byA. Shamel
 
Analog communication
byA. Shamel
 
Adaptive filter
byA. Shamel
 
wireless sensor network
byA. Shamel
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
byMongoDB
 
Microcontroller 8051
byPatruni Chidananda Sastry
 
8051 ram org
bysindhu sindhu
 
Oracle Key Vault Overview
byTroy Kitch
 
Architecture of tms320 f2812
byPantech ProLabs India Pvt Ltd
 
Dsp lab seminar
byP V Krishna Mohan Gupta
 
8051 presentation
byShivashankar Sawalgi
 
8051 timer counter
byvishalgohel12195
 
Introduction to tms320c6745 dsp
byPantech ProLabs India Pvt Ltd
 
Floating point units
bydipugovind
 
Registration System for Training Program in STC
byalraee
 
8051 serial communication
byasteriskbimal
 

Similar to Data base security and injection

PPT
Sql security
bySafwan Hashmi
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PPTX
Database security in database management.pptx
byFarhanaMariyam1
 
PPTX
Database security
bySoftware Engineering
 
PPTX
203135 Muhammad Usama.pptx
bymuhammadusama257191
 
PDF
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
PPTX
SQL INJECTION
byAnoop T
 
PPTX
kjkl.pptxsdfdsafsadfsdagsadfsadfasdggasdf
byKhalidAhmadGhiasi
 
PPTX
Oracle database threats - LAOUC Webinar
byOsama Mustafa
 
DOCX
Database security
byMehrdad Jingoism
 
PPTX
SQL INJECTION
byZiaullah Khan
 
PPTX
Unit 2 - Chapter 7 (Database Security).pptx
bySakshiGawde6
 
PPT
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 
PPTX
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
PPTX
Database Security And Authentication
bySudeb Das
 
PPTX
47890finalpresentation-180407201958.pptx
byNareenAsad
 
PPTX
Data base system.pptx
byMrwafaAbbas
 
PDF
DATABASE SECURITY - ATTACKS AND CONTROL METHODS
byijistjournal
 
PPTX
Database Security Presentation Why database Security is important
byKamruzzamansohel2
 
Sql security
bySafwan Hashmi
 
SQLSecurity.ppt
byLokeshK66
 
SQLSecurity.ppt
byCNSHacking
 
Database security in database management.pptx
byFarhanaMariyam1
 
Database security
bySoftware Engineering
 
203135 Muhammad Usama.pptx
bymuhammadusama257191
 
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
SQL INJECTION
byAnoop T
 
kjkl.pptxsdfdsafsadfsdagsadfsadfasdggasdf
byKhalidAhmadGhiasi
 
Oracle database threats - LAOUC Webinar
byOsama Mustafa
 
Database security
byMehrdad Jingoism
 
SQL INJECTION
byZiaullah Khan
 
Unit 2 - Chapter 7 (Database Security).pptx
bySakshiGawde6
 
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
Database Security And Authentication
bySudeb Das
 
47890finalpresentation-180407201958.pptx
byNareenAsad
 
Data base system.pptx
byMrwafaAbbas
 
DATABASE SECURITY - ATTACKS AND CONTROL METHODS
byijistjournal
 
Database Security Presentation Why database Security is important
byKamruzzamansohel2
 

More from A. Shamel

PPTX
Vmware Data Center Virtualization ESXI and vCenter
byA. Shamel
 
PPTX
Cybersecurity
byA. Shamel
 
PPTX
Foreigners Authentication Based on Multi-Biometric System for Iraq
byA. Shamel
 
PPTX
Buses and protocol
byA. Shamel
 
PPTX
Serial connectors, Protocols , USB (universal serial bus)
byA. Shamel
 
PPTX
Omnet sem
byA. Shamel
 
PPTX
Foc ch4
byA. Shamel
 
Vmware Data Center Virtualization ESXI and vCenter
byA. Shamel
 
Cybersecurity
byA. Shamel
 
Foreigners Authentication Based on Multi-Biometric System for Iraq
byA. Shamel
 
Buses and protocol
byA. Shamel
 
Serial connectors, Protocols , USB (universal serial bus)
byA. Shamel
 
Omnet sem
byA. Shamel
 
Foc ch4
byA. Shamel
 

Recently uploaded

PPTX
Java Modern Puzzlers, a guide to new programming features
bySimon Ritter
 
PDF
ASTC Conference 2025 - Bridging the Gap!
byGareth Oakes
 
PDF
SAP & CTRM Testing Like Never Before
byZoe Gilbert
 
DOCX
Comprehensive Guide to SharePoint Consulting Services – Benefits, Process, an...
bySharepoint Designs
 
PDF
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
PPTX
Validation testing in software engineering
bytanzeelamohsin01
 
PDF
How can AI be used in Content Management Systems, Plone Conference 2025
byRob Gietema
 
PDF
VADY Smart Data Flow – Automated Data Insights for Scalable Enterprise Decisions
byNewFangledVision
 
PDF
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
PDF
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
DOCX
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
PDF
Safe Confined Space Entry Monitoring_ Singapore Experts.pdf
byprasadexiga0
 
PDF
Austin Marketo User Group: Ground Control 2 MOPS: AI-Ignite your Map
bybbedford2
 
PPT
preliminaries, concepts of programming languages
bymjmansoori54
 
PDF
Ensuring Regulatory Excellence with Insurance Compliance Software
byInsurance Tech Services
 
PDF
The 50+ First-Timer: It’s never too late for Open Source!
byImma Valls Bernaus
 
PPTX
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
PDF
Where Does Your Data Go When You Put In Into A Database_.pdf
byDave Stokes
 
PDF
How QuickHR Helps SMEs Control Expense Claims
byParker adam
 
PPTX
Safe Confined Space Entry Monitoring_ Singapore Experts.pptx
byprasadexiga0
 
Java Modern Puzzlers, a guide to new programming features
bySimon Ritter
 
ASTC Conference 2025 - Bridging the Gap!
byGareth Oakes
 
SAP & CTRM Testing Like Never Before
byZoe Gilbert
 
Comprehensive Guide to SharePoint Consulting Services – Benefits, Process, an...
bySharepoint Designs
 
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
Validation testing in software engineering
bytanzeelamohsin01
 
How can AI be used in Content Management Systems, Plone Conference 2025
byRob Gietema
 
VADY Smart Data Flow – Automated Data Insights for Scalable Enterprise Decisions
byNewFangledVision
 
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
Safe Confined Space Entry Monitoring_ Singapore Experts.pdf
byprasadexiga0
 
Austin Marketo User Group: Ground Control 2 MOPS: AI-Ignite your Map
bybbedford2
 
preliminaries, concepts of programming languages
bymjmansoori54
 
Ensuring Regulatory Excellence with Insurance Compliance Software
byInsurance Tech Services
 
The 50+ First-Timer: It’s never too late for Open Source!
byImma Valls Bernaus
 
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
Where Does Your Data Go When You Put In Into A Database_.pdf
byDave Stokes
 
How QuickHR Helps SMEs Control Expense Claims
byParker adam
 
Safe Confined Space Entry Monitoring_ Singapore Experts.pptx
byprasadexiga0
 

Data base security and injection

  • 1.
    Database security injection andother attacks Ahmed shamel supervised by: Dr. shimaa hameed
  • 2.
  • 3.
    What Is DatabaseSecurity?  Database It is a collection of information stored in a computer.  Security It is being free from danger.  Database Security It is the mechanisms that protect the database against intentional or accidental threats.
  • 4.
    Three Main Aspects Whatdata base need? Secrecy Integrity Availability
  • 5.
    Secrecy It is protectingthe database from unauthorized users. Ensures that users are allowed to do the things they are trying to do. For examples, The employees should not see the salaries of their managers.
  • 6.
    Only authorized usersshould be allowed to modify data. Ensures that what users are trying to do is correct. For examples, An employee should be able to modify his or her own information. Integrity
  • 7.
    Authorized users shouldbe able to access data at any time they need for Legal purposes as necessary For examples, Payment orders regarding taxes should be made on time by the tax law. Availability
  • 8.
    Threat Threat is anyintentional or accidental event that may adversely affect the system.  Examples of threats: - Using another person’s log-in name to access data. - Unauthorized copying data. - Program/Data alteration. - Illegal entry by hacker - Viruses
  • 9.
    Kinds of Threat 1.Non-fraudulent Threat  Natural or accidental disasters.  Errors or bugs in hardware or software.  Human errors. 2. fraudulent Threat Exploitation of Vulnerable . Input Injection (Formerly SQL Injection) .
  • 10.
    Input Injection (FormerlySQL Injection)  SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.  Injected SQL commands can alter SQL statement and compromise the security of a web application.
  • 11.
     There aretwo major types of database injection attacks : 1) SQL Injection that targets traditional database systems . 2) NoSQL (stands for not only SQL( Injection that targets Big Data platforms. SQL Injection attacks usually involve inserting (or “injecting”) unauthorized or malicious statements into the input fields of web applications. On the other hand, NoSQL injection attacks involve inserting malicious statements into Big Data components . In both types, a successful Input Injection attack can give an attacker unrestricted access to an entire database.
  • 12.
    Legal access by user name password Bigwebsites usually use a variety of databases, because different databases serve different purposes.
  • 13.
    How the Injection(Statements ) work?  the web application is literally asking the database server: ((do we have a user with the username 'Ahmed' and the password 'AAAA' registered in the system? ))
  • 14.
     the SqlSyntax is broken and an error occurs.  This plays a key role in Sql injection
  • 15.
    if an attackeris able to "smuggle " special character (which is not filtered by web application) It is possible to modify the Sql queries, their logic and hence the application's behavior.
  • 16.
    checking the webdesign if it pass special character to database queries
  • 17.
    What happen ifwe pass this command throw the web application
  • 18.
    What in facthappen inside the Database The statement which always true 1=1
  • 19.
    The attacker issuccessfully authenticated as the first user from the top of the list (the first row) for ex:
  • 20.
    Threat Countermeasures Computer-Based Controls: -Authorization - Authenticating - Backup and Recovery - view - Encryption - RAID Technology
  • 21.
     Authorization The grantingof a privilege that enable a user to have legitimate access to a system.  Authenticating A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.  Backup & Recovery Is the process of periodically taking a copy of the database and log file onto offline storage media.
  • 22.
     View hiding partsof the database from certain users that provides a powerful and flexible security mechanism.  Redundant Array of Independent Disks (RAID) The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.

Editor's Notes

  • #9 التهديد هو اي حدث حصل متعمداً أو عرضا التي قد تؤثر سلبا على النظام. - استبدال برنامج / البيانات - الدخول غير المشروع من قبل القراصنة - الفيروسات
  • #10 نوعين من التهديدات الغير مقصوده او غير المزوره((بصوره طبيعية او عن طريق حادث ,الفشل في هاردوير او سوفت وير , واخطاء بشريه)) والتهديدات المقصوده المزوره ((استغلال الثغرات ونقاط الضعف , او بواسطة الحقن )
  • #12 الاول يستهدف الداتتا بيس نفسها الثاني يستهدف البيانات التي ع الداتا بيس
  • #16 اذا كان المخترق قادر ان يهرب بعض الرموز الخاصة التي لم تحجب من تصميم الصفه اي ان تعبر خلال الويب دزاين ال sql quires
  • #17 Compiler of Sql appear in the attacker web browser
  • #22 منح امتياز التي تمكن المستخدم من الوصول الشرعي للنظام.
  • #23 إخفاء أجزاء من قاعدة البيانات من بعض المستخدمين أن يوفر آلية أمنية قوية ومرنة. يجب أن يكون الجهاز الذي نظم إدارة قواعد البيانات يعمل على قبول نسبة الخطىء ، وهذا يعني أن نظم إدارة قواعد البيانات ينبغي أن تستمر في العمل حتى لو فشل أحد مكونات الأجهزة.