5. WHAT A HACKER IS AND DOES?
Someone who seeks and exploits weaknesses in a computer system or computer network.
Who makes innovative customizations or computer equipment.
Who combines excellence, playfulness and cleverness in performed activities.
7. OVERVIEW
What is SQL injection?
How common is it?
Can we hack a website easily?
How does it work?
Finding SQL injection.
Protecting against SQL injection.
Impact of SQL injection.
SQL injection conclusion.
8. WHAT IS SQL INJECTION?
SQL injections are attacks in which an attacker alters the structure of the original SQL query by injecting SQL code into the input fields of a web form in order to gain unauthorized access to the database.
9. HOW COMMON IS IT?
It is probably the most common website vulnerability today!
It is a flaw in web application development, not a database or web server problem.
More than 60% of websites are hacked due to SQL injection.
13. FINDING SQL INJECTION
1. Submit a single quote (') as input.
   If an error results, the app is vulnerable.
   If no error, check for any output changes.
2. Submit two single quotes ('').
   Databases use '' to represent a literal '.
   If the error disappears, the app is vulnerable.
3. Try string or numeric operators.
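The quote test from steps 1 and 2, run against a local in-memory SQLite database, as an added example that is not part of the original slides. The table, rows and function names are constructed for illustration; lookup_concat is deliberately unsafe, and lookup_param is the parameterized form that fixes it.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("o'brien",)])
    return db

def lookup_concat(db, name):
    """Deliberately unsafe: the input is pasted into the SQL text."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    """Hardened: the input is sent as a bound value, never parsed as SQL."""
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def quote_probe(lookup):
    """Run steps 1 and 2 and record whether each input raised a database error."""
    db = make_db()
    outcome = {}
    for label, value in (("one_quote", "'"), ("two_quotes", "''")):
        try:
            lookup(db, value)
            outcome[label] = "ok"
        except sqlite3.Error:
            outcome[label] = "error"
    db.close()
    return outcome

def is_quote_sensitive(lookup):
    """True when one quote breaks the query and two quotes repair it."""
    result = quote_probe(lookup)
    return result["one_quote"] == "error" and result["two_quotes"] == "ok"

if __name__ == "__main__":
    print("concatenated: ", quote_probe(lookup_concat))
    print("parameterized:", quote_probe(lookup_param))
```

The concatenated query also fails on the legitimate name o'brien, while the parameterized query finds it, so the same fix removes both the injection point and the functional bug.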
16. IMPACT OF SQL INJECTION
1. Leakage of sensitive information.
2. Reputation decline.
3. Modification of sensitive information.
4. Loss of control of db server.
5. Data loss.
17. SQL INJECTION CONCLUSION
SQL injection is a technique for exploiting applications that use relational databases as their back end.
It transforms innocent SQL calls into malicious calls.
It can cause unauthorized access, deletion of data, or theft of information.