Web Application
--------------------------------
Website
----------------
A website is a platform to present information about a company (or organization), an
individual, etc.
Essentially, it is a collection of documents known as webpages that contain information:
images, text, digital media and the like.
Types of websites
--------------------------------
Static websites: Static websites can be defined as those which are not database driven.
They can be developed with basic knowledge of web technologies like HTML and CSS. They
present the information to the user/visitor in the most direct way, exactly as it is stored on
the web server. These websites do not have a control panel; they are maintained through
FTP clients that connect to the host server. A simple example of a static website is an
organization's website providing details about its portfolio, contacts, resources, projects, etc.
Dynamic websites: Dynamic websites can be defined as those that require a database to
store and retrieve information. They have features such as inserting new data, fetching data,
updating/modifying data and deleting data, which are not present in static websites. These
websites have a control panel through which the administrator can make changes as
required. Some of the most popular enterprise databases used are Oracle, MySQL,
SQL Server, DB2, etc.
Parts of web application
-----------------------------------------
Front end: The part of the website which a user can see and interact with.
Back end: Also called the back-end technology infrastructure; it consists of an application, a
database and a server. All the data is stored in the database.
SQL (Structured Query Language)
------------------------------------------------
It is a standard programming language designed to interact with the database.
With the help of SQL, data from the front end is stored in the back end. Similarly, data
from the back end is retrieved and presented at the front end.
Admin Login Page
------------------------------
It is the page through which the administrator enters the control panel of the website to
make changes. Generally the links for the admin panel are as follows:
"adminlogin.php" "admin/login.php" "administrator.php" "login/admin.php"
"adminlogin.asp" "admin/login.asp" "administrator.asp" "login/admin.asp"
"adminlogin.aspx" "admin/login.aspx" "administrator.aspx" "login/admin.aspx"
How is the admin login page targeted?
-----------------------------------------------------
Log in with a random username and password:
-----------------------------------------------------------------------
Username: hacker
Password: pass1234
[LOGIN]
Simple check deployed behind most websites:
----------------------------------------------------------------------------------
' Insecure login check as shown in the deck (VB-style form code).
If username.Text = "xyz" And password.Text = "pass" Then
    welcome.Show()
Else
    MsgBox("Invalid username or password.")
End If
The above method is highly insecure: it only checks that the condition evaluates to true; it
does not validate the entered username and password.
- Any always-true condition can be used to get into the website. Example: ' or '1'='1, etc.
- This is called condition-based matching.
- A more secure way is to use a stored procedure.
Random attacking
------------------------------
Go to google.com and search for: adminlogin.aspx
Target-based attacking
------------------------------------
google.com: site:target.com admin
google.com: site:target.com adminlogin
How to protect against the attack?
-------------------------------------------
- Never use a traditional name for the admin page. Use a page name like: xyz@c3r.php
- Always use an e-mail address or numeric characters as the username.
- Filter special characters at the client end.
- Do show fake (decoy) messages to hackers.
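The condition-based matching weakness above and the e-mail-or-numeric username rule from the protection list, as an added example that is not the deck's own script: the login check built by pasting the typed values into the SQL text sits next to the same check with bound parameters, and both are run against the always-true condition. The users table, the admin@example.com account and the username pattern are constructed for this demo.

```python
import re
import sqlite3

# Constructed sample data: one administrator row.  The password is kept in
# clear text only so the comparison stays visible; the defect shown here is
# in how the query is built, not in how the password is stored.
ADMIN_USER = "admin@example.com"
ADMIN_PASS = "pass"

# The always-true condition the deck refers to, as typed into the password box.
ALWAYS_TRUE = "' or '1'='1"

# Assumed rule from the deck's advice: a username must be an e-mail address or
# a purely numeric id.  Checked on the server, because a filter that runs only
# at the client end is skipped when the request is submitted directly.
USERNAME_RE = re.compile(r"^(?:[^@\s]+@[^@\s]+\.[^@\s]+|[0-9]+)$")


def make_db() -> sqlite3.Connection:
    """In-memory users table holding the single constructed admin row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (ADMIN_USER, ADMIN_PASS))
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Condition-based matching: the typed values become part of the SQL text,
    so the database evaluates whatever condition the visitor supplied."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened check: fixed SQL text with the values bound as parameters, so a
    quote in the input is compared as data and never changes the WHERE clause."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def username_allowed(username: str) -> bool:
    """Server-side form check for the e-mail-or-numeric username rule."""
    return bool(USERNAME_RE.match(username))


def compare() -> dict:
    """Run both checks on valid, wrong and injected credentials."""
    conn = make_db()
    cases = {
        "valid": (ADMIN_USER, ADMIN_PASS),
        "wrong": ("hacker", "pass1234"),
        "injected": ("hacker", ALWAYS_TRUE),
    }
    return {
        name: {
            "vulnerable": login_vulnerable(conn, u, p),
            "parameterized": login_parameterized(conn, u, p),
        }
        for name, (u, p) in cases.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:9s} vulnerable={result['vulnerable']} "
              f"parameterized={result['parameterized']}")
```

The injected case passes only through the string-built query; note that the username check alone would not stop it, because the condition is typed into the password field, so the parameterized query is the control that actually prevents the bypass.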
The following script can prevent SQL injection attacks on a web application.
---------------------------------------------------------------------------------------------------------------------
Checking the working of the above script.
----------------------------------------------------------------

How to protect the admin login page from SQL Injection.