3. SQL Injection
SQL injection is a technique where a user can
inject malicious SQL commands into an SQL
statement, via web page input.
A successful SQL injection exploit can read
sensitive data from the database, modify
database data (insert/update/delete) and
compromise the security of a web application.
9. Preventing SQL Injection
You can prevent SQL injection if you adopt an
input validation technique in which user input is
validated against a set of defined rules for
length, type and syntax and also against
business rules.
You should ensure that users with the
permission to access the database have the
least privileges. Additionally, do not use system
administrator accounts. Also, you should
always make sure that a database user is
created only for a specific application and this
user is not able to access other applications.
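The input validation described on this slide, as an added example that is not part of the original slides. The table, the `name` field rules and all function names are assumptions made for illustration, and the bound parameter in `lookup_safe` is a standard defence that goes beyond the slide's text.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db

# Assumed rules for the "name" field: type (str), length (3-20 characters),
# syntax (lowercase letters, digits and underscore only).
NAME_RULE = re.compile(r"[a-z0-9_]{3,20}")

def validate_name(value):
    """Return value if it satisfies the type/length/syntax rules, else raise."""
    if not isinstance(value, str) or NAME_RULE.fullmatch(value) is None:
        raise ValueError("name fails validation rules")
    return value

def lookup_unsafe(db, name):
    # Before: user input is pasted into the SQL text, so it can change the statement.
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # After: validate first, then pass the value as a bound parameter,
    # so the database treats it as data and never as SQL.
    name = validate_name(name)
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

HOSTILE = "x' OR '1'='1"  # constructed input that contains SQL syntax

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, HOSTILE))   # WHERE clause rewritten, all rows returned
    print("safe:  ", lookup_safe(db, "alice"))
    try:
        lookup_safe(db, HOSTILE)
    except ValueError as err:
        print("rejected:", err)
```

The least-privilege advice on the same slide is enforced in the database server's account configuration, which SQLite does not model, so it is not shown here.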
10. Other common web application
bugs
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Remote Code Execution (RCE)
Remote File Inclusion (RFI)
Local File Inclusion (LFI)
Broken authentication, etc.
11. Tools to Secure your Site
Metasploit
( http://www.metasploit.com )
Zap
( http://sourceforge.net/projects/zaproxy/ )
Burp Suite
( http://portswigger.net/burp/download.html )
etc
20. Stay Secure
Use Linux based operating systems B|
Never believe anyone
Use a better anti-virus
Always keep PC firewall ON
Check URL before visiting any website
Always download app from play-store/app-store
Check app permissions while installing app
Use 2-step verification on email or social
networks
21. And who wants to be a Hacker !!
Programming
Programming
Programming
Programming
Programming
Programming
Programming
Programming
Programming