Upload
gargee-hiray
View
102
Download
1
Tags:
Embed Size (px)
Citation preview
CYBER CRIME AN EYE OPENER – SQL INJECTION (SQLIA’S)
Gargee S HirayTE 2 Roll no : 144
Seminar Guide Prof.S A Shinde
SOME QUESTIONS ?
What are we so concerned about? What are we trying to protect? What an Ethical Hacker is and does ?
WHAT ARE WE SO CONCERNED ABOUT?
WHAT ARE WE TRYING TO PROTECT?
WHAT AN HACKER IS AND DOES ?
Someone who seeks and exploits weaknesses in a computer system or computer network
Who makes innovative customizations or computer equipment.
Who combines excellence, playfulness and cleverness in performed activities
TYPES OF HACKERS
OVER VIEW
What is SQL INJECTION ? How common is it? Can we hack website easily ? How does it work ? Finding SQL Injection . Protecting against SQL Injection Impact of SQL Injection. SQL injection Conclusion.
WHAT IS SQL INJECTION?
SQL Injections are attacks by which an attacker alters the structure of the original SQL query by injecting SQL code in the input fields of the web form in order to gain unauthorized access to the database.
HOW COMMON IS IT?
It is probably the most common Website vulnerability today!
It is a flaw in "web application" development,
it is not a DB or web server problem More than 60 % of the websites are Hacked
due to SQL Injection .
CAN WE HACK WEBSITE EASILY ?
HOW DOES IT WORK ?
FINDING SQL INJECTION
1. Submit a single quote as input ' If an error results, app is vulnerable.If no error, check for any output changes.
2. Submit two single quotes.Databases use ’’ to represent literal ’If error disappears, app is vulnerable.
3. Try string or numeric operators.
EXAMPLES
' or '1'='1' -- ' ' or '1'='1' ({ ‘ ' or '1'='1' /* ‘ ' or '1'=‘1
PROTECTING AGAINST SQL INJECTION strong design correct input validation
IMPACT OF SQL INJECTION
1. Leakage of sensitive information.2. Reputation decline.3. Modification of sensitive information.4. Loss of control of db server.5. Data loss.
SQL INJECTION CONCLUSION SQL injection is technique for exploiting
applications that use relational databases as their back end.
Transform the innocent SQL calls to a malicious call
Cause unauthorized access, deletion of data, or theft of information
REFERENCES SQL INJECTIONS – A HAZARD TO WEB APPLICATIONS
By- Neha Singh and Ravindra Kumar Purwar Issue 6, June 2012.
SQL INJECTION ATTACKS DETECTION IN ADVERSARI AL ENVIRONMENTS BY
K-CENTERS Issue 15-17 July, 2012
http://www.britannica.com/EBchecked/topic/130595/cybercrime
http://www.acunetix.com/websitesecurity/sql-injection/
THANK YOU Any Query ?