cyber crime an eye opener 144 te 2 t-7

Report

Tags:

Post on 27-Jun-2015

102 Views

Category:

Documents

1 Downloads

Preview:

Click to see full reader

TRANSCRIPT

CYBER CRIME AN EYE OPENER – SQL INJECTION (SQLIA’S)

Gargee S HirayTE 2 Roll no : 144

Seminar Guide Prof.S A Shinde

SOME QUESTIONS ?

What are we so concerned about? What are we trying to protect? What an Ethical Hacker is and does ?

WHAT ARE WE SO CONCERNED ABOUT?

WHAT ARE WE TRYING TO PROTECT?

WHAT AN HACKER IS AND DOES ?

Someone who seeks and exploits weaknesses in a computer system or computer network

Who makes innovative customizations or computer equipment.

Who combines excellence, playfulness and cleverness in performed activities

TYPES OF HACKERS

OVER VIEW

What is SQL INJECTION ? How common is it? Can we hack website easily ? How does it work ? Finding SQL Injection . Protecting against SQL Injection Impact of SQL Injection. SQL injection Conclusion.

WHAT IS SQL INJECTION?

SQL Injections are attacks by which an attacker alters the structure of the original SQL query by injecting SQL code in the input fields of the web form in order to gain unauthorized access to the database.

HOW COMMON IS IT?

It is probably the most common Website vulnerability today!

It is a flaw in "web application" development,

it is not a DB or web server problem More than 60 % of the websites are Hacked

due to SQL Injection .

CAN WE HACK WEBSITE EASILY ?

HOW DOES IT WORK ?

FINDING SQL INJECTION

1. Submit a single quote as input ' If an error results, app is vulnerable.If no error, check for any output changes.

2. Submit two single quotes.Databases use ’’ to represent literal ’If error disappears, app is vulnerable.

3. Try string or numeric operators.

EXAMPLES

' or '1'='1' -- ' ' or '1'='1' ({ ‘ ' or '1'='1' /* ‘ ' or '1'=‘1

PROTECTING AGAINST SQL INJECTION strong design correct input validation

IMPACT OF SQL INJECTION

1. Leakage of sensitive information.2. Reputation decline.3. Modification of sensitive information.4. Loss of control of db server.5. Data loss.

SQL INJECTION CONCLUSION SQL injection is technique for exploiting

applications that use relational databases as their back end.

Transform the innocent SQL calls to a malicious call

Cause unauthorized access, deletion of data, or theft of information

REFERENCES SQL INJECTIONS – A HAZARD TO WEB APPLICATIONS

By- Neha Singh and Ravindra Kumar Purwar Issue 6, June 2012.

SQL INJECTION ATTACKS DETECTION IN ADVERSARI AL ENVIRONMENTS BY

K-CENTERS Issue 15-17 July, 2012

http://www.britannica.com/EBchecked/topic/130595/cybercrime

http://www.acunetix.com/websitesecurity/sql-injection/

http://www.britannica.com/EBchecked/topic/130595/cybercrime
http://www.britannica.com/EBchecked/topic/130595/cybercrime
http://www.acunetix.com/websitesecurity/sql-injection/
http://www.acunetix.com/websitesecurity/sql-injection/

THANK YOU Any Query ?

top related

3chapter section opener / closer: insert book cover art what...
Documents
chapter 3 opener
Documents
brown's season opener
Art & Photos
market, crime and fear at the heart of the uncertainty...
Documents
garage opener
Documents
daily opener
Documents
meteoroid opener
Education
opener, oer @ounl
Education
an eye opener
Documents
door opener
Documents
smta opener
Technology
presenter development opener
Education
genie door opener programming instructions door...
Documents
opener page.qrk
Documents
unit opener presentation
Documents
chapter 11 opener
Documents
garage door opener - liftmaster to prevent damage to garage...
Documents
chapter 1 opener
Documents
chapter 8 opener
Documents
windows opener
Documents