cyber crime an eye opener 144 te 2 t-7

CYBER CRIME AN EYE OPENER – SQL INJECTION (SQLIA'S)

Gargee S Hiray, TE 2, Roll no: 144

Seminar Guide: Prof. S A Shinde

Upload: gargee-hiray

Post on 27-Jun-2015


SOME QUESTIONS?

What are we so concerned about?

What are we trying to protect?

What an Ethical Hacker is and does?


WHAT ARE WE SO CONCERNED ABOUT?


WHAT ARE WE TRYING TO PROTECT?


WHAT A HACKER IS AND DOES?

Someone who seeks and exploits weaknesses in a computer system or computer network

Who makes innovative customizations or computer equipment.

Who combines excellence, playfulness and cleverness in performed activities


TYPES OF HACKERS


OVERVIEW

What is SQL Injection?

How common is it?

Can we hack a website easily?

How does it work?

Finding SQL Injection.

Protecting against SQL Injection.

Impact of SQL Injection.

SQL Injection conclusion.


WHAT IS SQL INJECTION?

SQL Injections are attacks by which an attacker alters the structure of the original SQL query by injecting SQL code in the input fields of the web form in order to gain unauthorized access to the database.


HOW COMMON IS IT?

It is probably the most common website vulnerability today!

It is a flaw in "web application" development; it is not a DB or web server problem.

More than 60 % of the websites are hacked due to SQL Injection.


CAN WE HACK WEBSITE EASILY ?


HOW DOES IT WORK ?


FINDING SQL INJECTION

1. Submit a single quote (') as input. If an error results, the app is vulnerable. If there is no error, check for any output changes.

2. Submit two single quotes. Databases use '' to represent a literal '. If the error disappears, the app is vulnerable.

3. Try string or numeric operators.


EXAMPLES

' or '1'='1' -- '

' or '1'='1' ({ '

' or '1'='1' /* '

' or '1'='1


PROTECTING AGAINST SQL INJECTION

Strong design

Correct input validation
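An added example, not part of the original slides: the same login check written with string concatenation and then with a bound-parameter query plus input validation, run against the last string from the EXAMPLES slide and the single-quote checks from the FINDING slide. The `users` table, the sample account, and the username pattern are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; plaintext password only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concatenated(db, name, password):
    # Weak design: input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed username policy

def login_parameterized(db, name, password):
    # Input validation: reject names outside the expected character set.
    if not USERNAME_RE.fullmatch(name):
        return False
    # Strong design: placeholders fix the query structure; values are
    # bound as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

def quote_causes_error(db, password):
    # The single-quote check from the FINDING slide, run against our own code.
    try:
        login_concatenated(db, "alice", password)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    probe = "' or '1'='1"  # string taken from the EXAMPLES slide
    print("concatenated, probe accepted:", login_concatenated(db, "alice", probe))
    print("parameterized, probe accepted:", login_parameterized(db, "alice", probe))
    print("one quote errors:", quote_causes_error(db, "'"))
    print("two quotes error:", quote_causes_error(db, "''"))
```

With bound parameters the single quote produces neither an error nor a login, because it is compared as data rather than parsed as part of the query.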


IMPACT OF SQL INJECTION

1. Leakage of sensitive information.

2. Reputation decline.

3. Modification of sensitive information.

4. Loss of control of db server.

5. Data loss.


SQL INJECTION CONCLUSION

SQL injection is a technique for exploiting applications that use relational databases as their back end.

It transforms innocent SQL calls into malicious calls.

It causes unauthorized access, deletion of data, or theft of information.


THANK YOU Any Query ?