KEMBAR78
Ppt on sql injection | PPTX
Uploaded byashish20012
PPTX, PDF9,776 views

Ppt on sql injection

This document discusses SQL injection, which is a security vulnerability that allows attackers to interfere with how a database operates. SQL injection occurs when user input is not sanitized and is used directly in SQL queries, allowing attackers to alter the structure and meaning of queries. The document provides an example of how an attacker could log in without a password by adding SQL code to the username field. It also lists some common SQL injection techniques like using comments, concatenation, and wildcards. Finally, it points to additional online resources for learning more about SQL injection and database security.

Downloaded 562 times
SQL INJECTION SUBMITTED TO:- SUBMITTED BY :- MR. NAVEEN KEDIA ASHISH KUMAR FINAL YEAR I.T.
INDEX  Ethical Hacking.  What is SQL.  How does SQL Injection work.  Example of SQL Injection.  Diagram of SQL Injection.
ETHICAL HACKING  Independent computer security Professionals breaking into the computer systems.  Neither damage the target systems nor steal information.  Evaluate target systems security and report back to owners about the Bugs found.
ETHICAL HACKERS BUT NOT CRIMINAL HACKERS  Completely trustworthy.  Strong programming and computer networking skills.  Learn about the system and trying to find its weaknesses.  Techniques of Criminal hackers-Detection-Prevention.  Tester only reports findings, does not solve problems.
WHAT IS SQL?  SQL stands for Structured Query Language  Allows us to access a database  ANSI and ISO standard computer language  The most current standard is SQL99  SQL can:  execute queries against a database  retrieve data from a database  insert new records in a database  delete records from a database  update records in a database
WHAT IS A SQL INJECTION ATTACK?  Many web applications take user input from a form  Often this user input is used literally in the construction of a SQL query submitted to a database. For example:  SELECT productdata FROM table WHERE productname = ‘user input product name’;  A SQL injection attack involves placing SQL statements in the user input
HOW DOES SQL INJECTION WORK? Common vulnerable login query SELECT * FROM users WHERE login = 'victor' AND password = '123' (If it returns something then login) ASP/MS SQL Server login syntax var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";
INJECTING THROUGH STRINGS formusr = ' or 1=1 – – formpwd = anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 – – AND password = 'anything'
SQL INJECTION CHARACTERS  ' or "character String Indicators  -- or # single-line commen  /*…*/ multiple-line comment  + addition, concatenate (or space in url)  || (double pipe) concatenate  % wildcard attribute indicator
ALL TABLES AND COLUMNS IN ONE QUERY  union select 0, sysobjects.name + ': ' + syscolumns.name + ': ' + systypes.name, 1, 1, '1', 1, 1, 1, 1, 1 from sysobjects, syscolumns, systypes where sysobjects.xtype = 'U' AND sysobjects.id = syscolumns.id AND syscolumns.xtype = systypes.xtype --
ARCHITECTURE OF SQL INJECTION
LINKS  A lot of SQL Injection related papers  http://www.nextgenss.com/papers.htm  http://www.spidynamics.com/support/whitepapers/  http://www.appsecinc.com/techdocs/whitepapers.html  http://www.atstake.com/research/advisories  Other resources  http://www.owasp.org  http://www.sqlsecurity.com  http://www.securityfocus.com/infocus/1768
THANK YOU

More Related Content

PDF
Advanced SQL injection to operating system full control (whitepaper)
byBernardo Damele A. G.
 
PDF
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
PPT
Sql injection
byPallavi Biswas
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PPTX
Sql Injection attacks and prevention
byhelloanand
 
PPTX
SQL Injection
byAsish Kumar Rath
 
PPTX
Sql injection
byZidh
 
Advanced SQL injection to operating system full control (whitepaper)
byBernardo Damele A. G.
 
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
Sql injection
byPallavi Biswas
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
Sql injections - with example
byPrateek Chauhan
 
Sql Injection attacks and prevention
byhelloanand
 
SQL Injection
byAsish Kumar Rath
 
Sql injection
byZidh
 

What's hot

PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPTX
SQL INJECTION
byMentorcs
 
PPTX
seminar report on Sql injection
byJawhar Ali
 
PPTX
SQL injection prevention techniques
bySongchaiDuangpan
 
PPTX
Sql injection
byHemendra Kumar
 
PPT
SQL Injection
byAdhoura Academy
 
PPT
Sql injection
byNikunj Dhameliya
 
PDF
How to identify and prevent SQL injection
byEguardian Global Services
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PPTX
SQL injection
byRaj Parmar
 
PPTX
SQL Injections (Part 1)
byn|u - The Open Security Community
 
PPT
Sql injection attack
byRajKumar Rampelli
 
PPTX
Sql injection
bySasha-Leigh Garret
 
PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
PPT
Penetration Testing Basics
byRick Wanner
 
PPTX
Sqlmap
byshamshad9
 
PPTX
Xss attack
byManjushree Mashal
 
PPTX
SQL INJECTION
byAnoop T
 
PPTX
Cross-Site Scripting (XSS)
byDaniel Tumser
 
PPTX
Web security
byPadam Banthia
 
A Brief Introduction in SQL Injection
bySina Manavi
 
SQL INJECTION
byMentorcs
 
seminar report on Sql injection
byJawhar Ali
 
SQL injection prevention techniques
bySongchaiDuangpan
 
Sql injection
byHemendra Kumar
 
SQL Injection
byAdhoura Academy
 
Sql injection
byNikunj Dhameliya
 
How to identify and prevent SQL injection
byEguardian Global Services
 
Sql injection - security testing
byNapendra Singh
 
SQL injection
byRaj Parmar
 
SQL Injections (Part 1)
byn|u - The Open Security Community
 
Sql injection attack
byRajKumar Rampelli
 
Sql injection
bySasha-Leigh Garret
 
Sql injection in cybersecurity
bySanad Bhowmik
 
Penetration Testing Basics
byRick Wanner
 
Sqlmap
byshamshad9
 
Xss attack
byManjushree Mashal
 
SQL INJECTION
byAnoop T
 
Cross-Site Scripting (XSS)
byDaniel Tumser
 
Web security
byPadam Banthia
 

Similar to Ppt on sql injection

PPTX
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
PDF
Sql injection
bySafwan Hashmi
 
PDF
7 ayushpandey
byAyush Pandey
 
PPT
SQl Injection.ppt
byHrRajon2
 
PPTX
Code injection and green sql
byKaustav Sengupta
 
PPTX
Greensql2007
byKaustav Sengupta
 
PDF
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
PPSX
Web application security
bywww.netgains.org
 
PPTX
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
PPT
Sql injection attacks
bychaitanya Lotankar
 
PPT
Advanced sql injection 1
byKarunakar Singh Thakur
 
PDF
Sq linjection
byMahesh Gupta (DBATAG) - SQL Server Consultant
 
PPT
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
PDF
Sql injection course made by Cristian Alexandrescu
byCristian Alexandrescu
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PPT
Sql injection attacks
byKumar
 
PPT
D:\Technical\Ppt\Sql Injection
byavishkarm
 
PPTX
Sql injection
byThe Avi Sharma
 
PPTX
Sql injection
byUzair ul Haq Khan
 
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
Sql injection
bySafwan Hashmi
 
7 ayushpandey
byAyush Pandey
 
SQl Injection.ppt
byHrRajon2
 
Code injection and green sql
byKaustav Sengupta
 
Greensql2007
byKaustav Sengupta
 
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
Web application security
bywww.netgains.org
 
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
Sql injection attacks
bychaitanya Lotankar
 
Advanced sql injection 1
byKarunakar Singh Thakur
 
Sq linjection
byMahesh Gupta (DBATAG) - SQL Server Consultant
 
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
Sql injection course made by Cristian Alexandrescu
byCristian Alexandrescu
 
SQLSecurity.ppt
byLokeshK66
 
SQLSecurity.ppt
byCNSHacking
 
Sql injection attacks
byKumar
 
D:\Technical\Ppt\Sql Injection
byavishkarm
 
Sql injection
byThe Avi Sharma
 
Sql injection
byUzair ul Haq Khan
 

Recently uploaded

PPTX
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
PDF
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
PDF
Somnath Mukherjee_BIM Specialist_Portfolio.pdf
bySomnathMukherjee980757
 
PPTX
Data types and datatype conversions of python programming.pptx
byAmyPrasannaTella1
 
PPTX
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
PDF
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
PDF
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
PPTX
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
PPTX
hanumantha_s_Netflix Data Analysis Project PPT.pptx
bylikipiki689
 
PDF
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
PPTX
Chapter 4 Geosynthetics materials for soil improvement .pptx
byFanastic
 
PDF
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
PDF
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PPTX
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
PPTX
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 
PDF
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
DOCX
material selection for preparation of glider
bybityasteraye
 
PPT
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
Somnath Mukherjee_BIM Specialist_Portfolio.pdf
bySomnathMukherjee980757
 
Data types and datatype conversions of python programming.pptx
byAmyPrasannaTella1
 
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
hanumantha_s_Netflix Data Analysis Project PPT.pptx
bylikipiki689
 
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
Chapter 4 Geosynthetics materials for soil improvement .pptx
byFanastic
 
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
material selection for preparation of glider
bybityasteraye
 
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 

Ppt on sql injection

  • 1.
    SQL INJECTION SUBMITTED TO:-SUBMITTED BY :- MR. NAVEEN KEDIA ASHISH KUMAR FINAL YEAR I.T.
  • 2.
    INDEX  Ethical Hacking. What is SQL.  How does SQL Injection work.  Example of SQL Injection.  Diagram of SQL Injection.
  • 3.
    ETHICAL HACKING  Independentcomputer security Professionals breaking into the computer systems.  Neither damage the target systems nor steal information.  Evaluate target systems security and report back to owners about the Bugs found.
  • 4.
    ETHICAL HACKERS BUTNOT CRIMINAL HACKERS  Completely trustworthy.  Strong programming and computer networking skills.  Learn about the system and trying to find its weaknesses.  Techniques of Criminal hackers-Detection-Prevention.  Tester only reports findings, does not solve problems.
  • 5.
    WHAT IS SQL? SQL stands for Structured Query Language  Allows us to access a database  ANSI and ISO standard computer language  The most current standard is SQL99  SQL can:  execute queries against a database  retrieve data from a database  insert new records in a database  delete records from a database  update records in a database
  • 6.
    WHAT IS ASQL INJECTION ATTACK?  Many web applications take user input from a form  Often this user input is used literally in the construction of a SQL query submitted to a database. For example:  SELECT productdata FROM table WHERE productname = ‘user input product name’;  A SQL injection attack involves placing SQL statements in the user input
  • 7.
    HOW DOES SQLINJECTION WORK? Common vulnerable login query SELECT * FROM users WHERE login = 'victor' AND password = '123' (If it returns something then login) ASP/MS SQL Server login syntax var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";
  • 8.
    INJECTING THROUGH STRINGS formusr= ' or 1=1 – – formpwd = anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 – – AND password = 'anything'
  • 10.
    SQL INJECTION CHARACTERS ' or "character String Indicators  -- or # single-line commen  /*…*/ multiple-line comment  + addition, concatenate (or space in url)  || (double pipe) concatenate  % wildcard attribute indicator
  • 11.
    ALL TABLES ANDCOLUMNS IN ONE QUERY  union select 0, sysobjects.name + ': ' + syscolumns.name + ': ' + systypes.name, 1, 1, '1', 1, 1, 1, 1, 1 from sysobjects, syscolumns, systypes where sysobjects.xtype = 'U' AND sysobjects.id = syscolumns.id AND syscolumns.xtype = systypes.xtype --
  • 12.
  • 13.
    LINKS  A lotof SQL Injection related papers  http://www.nextgenss.com/papers.htm  http://www.spidynamics.com/support/whitepapers/  http://www.appsecinc.com/techdocs/whitepapers.html  http://www.atstake.com/research/advisories  Other resources  http://www.owasp.org  http://www.sqlsecurity.com  http://www.securityfocus.com/infocus/1768
  • 14.