Web Application
--------------------------------
Website
----------------
A website is a platform for presenting information about a company (or organization), an
individual, etc.
Essentially, it is a collection of documents known as webpages that contain information:
images, words, digital media, and the like.
Types of websites
--------------------------------
Static websites: Static websites are those that are not database driven.
They can be developed with basic knowledge of web technologies such as HTML and CSS. They
present information to users/visitors in the most direct way, exactly as it is stored on the web
server. These websites do not have a control panel. They are driven through FTP clients
that connect to the host server. A simple example of a static website is an
organization's website providing details about its portfolio, contacts, resources, projects, etc.
Dynamic websites: Dynamic websites are those that require a database to
store and retrieve information. They have features such as inserting new data, fetching data,
updating/modifying data, and deleting data, which are not present in static websites. These
websites have a control panel through which the administrator can make changes as
required. Some of the most popular enterprise databases are Oracle, MySQL,
SQL Server, DB2, etc.
Parts of a web application
-----------------------------------------
Front end: The part of the website that a user can see and interact with.
Back end: Also called the back-end technology infrastructure, it consists of an application, a
database and a server. All the data is stored in the database.
SQL (Structured Query Language)
------------------------------------------------
It is a standard programming language designed to interact with the database.
With the help of SQL, data from the front end is stored in the back end. Similarly,
data from the back end is retrieved and presented at the front end.
Admin Login Page
------------------------------
It is the page through which the administrator enters the control panel of the website to make
changes. Generally, the links for the admin panel are as follows:
"adminlogin.php" "admin/login.php" "administrator.php" "login/admin.php"
"adminlogin.asp" "admin/login.asp" "administrator.asp" "login/admin.asp"
"adminlogin.aspx" "admin/login.aspx" "administrator.aspx" "login/admin.aspx"
How to target the admin login page?
-----------------------------------------------------
Login with random username and password:-
-----------------------------------------------------------------------
Username =========> hacker
Password ==========>pass1234
LOGIN
Simple check deployed behind most websites:
----------------------------------------------------------------------------------
    ' Show the control panel only when both fields match the expected values
    if username.text = "xyz" and password.text = "pass" then
        welcome.show()
    else
        msgbox("Invalid username or password.")
    end if
The above method is highly insecure, since it only checks whether the condition is true; it does
not validate the entered username and password.
- Any true condition can be used to hack into the website.
  Example: ‘or’ ‘=’, ‘1=1’ etc.
- It is called condition-based matching.
- A secure way is to use a stored procedure.
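The weakness described above and its fix, as an added example in Python with sqlite3 (not the script from the original slides): the same login check built by string concatenation and then as a parameterized query, run against input in the style of the ‘or’ / ‘1=1’ example. The table, account, clear-text password column and function names are constructed for the demonstration.

```python
import sqlite3

# Constructed input modelled on the slide's 'or' / '1=1' example.
TAUTOLOGY = "' OR '1'='1"


def make_db():
    """Create an in-memory database with one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, password TEXT)")
    # Clear-text password only to mirror the slide's comparison;
    # a real application stores a salted password hash instead.
    db.execute("INSERT INTO admins VALUES (?, ?)",
               ("admin@example.com", "correct-horse"))
    return db


def build_unsafe_query(username, password):
    """Before: input is pasted into the SQL text, so a quote in the input
    ends the string literal and the rest is parsed as SQL."""
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_unsafe(db, username, password):
    return db.execute(build_unsafe_query(username, password)).fetchone()[0] > 0


def login_parameterized(db, username, password):
    """After: the statement text is fixed and the input is bound as values,
    so it is only ever compared as data."""
    row = db.execute(
        "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def demo():
    """Run both checks against valid, tautology and stray-quote input."""
    db = make_db()
    results = {
        "unsafe_valid": login_unsafe(db, "admin@example.com", "correct-horse"),
        "unsafe_tautology": login_unsafe(db, "hacker", TAUTOLOGY),
        "param_valid": login_parameterized(db, "admin@example.com", "correct-horse"),
        "param_tautology": login_parameterized(db, "hacker", TAUTOLOGY),
        "param_quote": login_parameterized(db, "o'brien", "x"),
    }
    # A single quote in a legitimate value breaks the concatenated statement.
    try:
        login_unsafe(db, "o'brien", "x")
        results["unsafe_quote"] = "ran"
    except sqlite3.OperationalError:
        results["unsafe_quote"] = "syntax error"
    return results


if __name__ == "__main__":
    print(build_unsafe_query("hacker", TAUTOLOGY))
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A stored procedure gives the same protection only when it receives the username and password as parameters and does not concatenate them into dynamic SQL inside the procedure.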
Random Attacking
------------------------------
Go to google.com -> adminlogin.aspx
Target Based Attacking
------------------------------------
google.com: site: target.com admin
google.com: site: target.com adminlogin
How to protect against the attack?
-------------------------------------------
- Never use a traditional name for the admin page.
  Use a page name like: xyz@c3r.php
- Always use an email address or numeric characters as the username.
- Filter special characters at the client end.
- Do have fake messages for hackers.
The following script can prevent SQL injection attacks on a web application.
---------------------------------------------------------------------------------------------------------------------
Checking the working of the above script.
----------------------------------------------------------------

How to protect the admin login page from SQL Injection.
