SlideShare a Scribd company logo

SQL Injection

Download as PPTX, PDF
Sayed Ahmad Naweed, profile picture
Sayed Ahmad Naweed

According to a 2015 study, 86% of over 30,000 websites tested had at least one serious vulnerability. Of the vulnerabilities found, 61% were resolved within 193 days. SQL injection is a type of attack where an attacker tries to alter SQL statements by inserting new SQL keywords or operators. Examples provided demonstrate how an attacker can use SQL injection to drop all databases or return all records. Prevention techniques like escaping characters and using prepared statements can help protect against SQL injection attacks.

Technology
1 of 21
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Sayed Ahmad Naweed
of 30,000 websites tested by WhiteHat Sentinel had at least one serious vulnerability. 86% Source: https://www.whitehatsec.com/statistics-report/featured/2015/05/21/statsreport.html
of these vulnerabilities were resolved. 61% Source: https://www.whitehatsec.com/statistics-report/featured/2015/05/21/statsreport.html
193 Days
From a single injection we accessed EVERYTHING Why do you put such faith in a company that allows itself to become open to these simple attacks? “ ” “ ” LulzSec Source: http://www.theguardian.com/technology/2012/aug/29/lulzsec-hacker-arrest-sony-attack
SQL is used to communicate with a relational database. SQL
When an attacker attempts to change the logic, semantics or syntax of a legitimate SQL statement by inserting new SQL keywords or operators into the statement. Source: Halfond, William GJ, and Alessandro Orso. "AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks." Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering. ACM, 2005. SQL Injection
SQL Injection
SQL Injection
SQL
Example #1
SELECT * FROM USERS WHERE Username = “sayed”
SELECT * FROM USERS WHERE Username = “sayed”“
SELECT * FROM USERS WHERE Username = “sayed”; Drop All DATABASES ;DROP ALL DATABASES;
Example #2
OR ‘1’ = ‘1’ SELECT * FROM USERS WHERE username = “sayed” AND Password =“1234” or ‘1’ = ‘1’
Live Demo http://sqlzoo.net/hack/
Prevention Techniques
Scape Characters mysql_real_escape_string(Query) Prepared Stetement SELECT * FROM USERS WHERE username = ?
Conclusion • Your vulnerable if you do not use prepared statement. • Don’t forget As hacks go, there are worst ones!
any question …

More Related Content

PPTX
SQL Injection
Asish Kumar Rath
 
PPTX
Sql injection - security testing
Napendra Singh
 
PPT
A Brief Introduction in SQL Injection
Sina Manavi
 
PPTX
Sql injections - with example
Prateek Chauhan
 
PDF
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
Edureka!
 
PPTX
SQL INJECTION
Mentorcs
 
PPT
Sql injection attack
RajKumar Rampelli
 
PPTX
SQL injection prevention techniques
SongchaiDuangpan
 
SQL Injection
Asish Kumar Rath
 
Sql injection - security testing
Napendra Singh
 
A Brief Introduction in SQL Injection
Sina Manavi
 
Sql injections - with example
Prateek Chauhan
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
Edureka!
 
SQL INJECTION
Mentorcs
 
Sql injection attack
RajKumar Rampelli
 
SQL injection prevention techniques
SongchaiDuangpan
 

What's hot (20)

PPTX
Sql Injection attacks and prevention
helloanand
 
PPT
SQL Injection
Adhoura Academy
 
PPTX
SQL injection
Raj Parmar
 
PDF
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
PDF
How to identify and prevent SQL injection
Eguardian Global Services
 
PPTX
Ppt on sql injection
ashish20012
 
PPTX
Waf bypassing Techniques
Avinash Thapa
 
PPTX
SQL Injections (Part 1)
n|u - The Open Security Community
 
PPTX
Sql injection
Zidh
 
PDF
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
PPTX
Sql injection
Sasha-Leigh Garret
 
PPT
Sql injection
Nikunj Dhameliya
 
PPT
Sql injection
Nitish Kumar
 
PPTX
Sql injection
Hemendra Kumar
 
PPT
Sql injection
Pallavi Biswas
 
PDF
Broken access controls
Akansha Kesharwani
 
PPTX
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
ODP
XSS
Hrishikesh Mishra
 
PPTX
Sql injection
Mehul Boghra
 
PPTX
Owasp Top 10 A1: Injection
Michael Hendrickx
 
Sql Injection attacks and prevention
helloanand
 
SQL Injection
Adhoura Academy
 
SQL injection
Raj Parmar
 
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
How to identify and prevent SQL injection
Eguardian Global Services
 
Ppt on sql injection
ashish20012
 
Waf bypassing Techniques
Avinash Thapa
 
SQL Injections (Part 1)
n|u - The Open Security Community
 
Sql injection
Zidh
 
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
Sql injection
Sasha-Leigh Garret
 
Sql injection
Nikunj Dhameliya
 
Sql injection
Nitish Kumar
 
Sql injection
Hemendra Kumar
 
Sql injection
Pallavi Biswas
 
Broken access controls
Akansha Kesharwani
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
XSS
Hrishikesh Mishra
 
Sql injection
Mehul Boghra
 
Owasp Top 10 A1: Injection
Michael Hendrickx
 
Ad

Similar to SQL Injection (20)

PPTX
XSS- an application security vulnerability
Soumyasanto Sen
 
PDF
OWASP Top 10
Arthur Shvetsov
 
PPTX
.NET Security Topics
Shawn Gorrell
 
PPTX
Secure Software Engineering
Rohitha Liyanagama
 
PDF
QAing the security way!
Amit Gundiyal
 
PPTX
Securing Industrial Control Systems
Eric Andresen
 
PPTX
vodQA(Pune) 2018 - QAing the security way
vodQA
 
PDF
C01461422
IOSR Journals
 
PPTX
Appsec2013 assurance tagging-robert martin
drewz lin
 
PDF
Application Security Guide for Beginners
Checkmarx
 
PPTX
IPS Best Practices
Heather Axworthy
 
PDF
OWASP Top 10 Project
Muhammad Shehata
 
PDF
WhiteHat Security Website Statistics [Full Report] (2013)
Jeremiah Grossman
 
PDF
The International Journal of Engineering and Science (The IJES)
theijes
 
PDF
Ijcet 06 10_005
IAEME Publication
 
PDF
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
Jeremiah Grossman
 
PDF
Devoid Web Application From SQL Injection Attack
IJRESJOURNAL
 
PDF
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
Editor IJMTER
 
PPTX
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Jeff Williams
 
PDF
Secure coding presentation Oct 3 2020
Moataz Kamel
 
XSS- an application security vulnerability
Soumyasanto Sen
 
OWASP Top 10
Arthur Shvetsov
 
.NET Security Topics
Shawn Gorrell
 
Secure Software Engineering
Rohitha Liyanagama
 
QAing the security way!
Amit Gundiyal
 
Securing Industrial Control Systems
Eric Andresen
 
vodQA(Pune) 2018 - QAing the security way
vodQA
 
C01461422
IOSR Journals
 
Appsec2013 assurance tagging-robert martin
drewz lin
 
Application Security Guide for Beginners
Checkmarx
 
IPS Best Practices
Heather Axworthy
 
OWASP Top 10 Project
Muhammad Shehata
 
WhiteHat Security Website Statistics [Full Report] (2013)
Jeremiah Grossman
 
The International Journal of Engineering and Science (The IJES)
theijes
 
Ijcet 06 10_005
IAEME Publication
 
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
Jeremiah Grossman
 
Devoid Web Application From SQL Injection Attack
IJRESJOURNAL
 
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
Editor IJMTER
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Jeff Williams
 
Secure coding presentation Oct 3 2020
Moataz Kamel
 
Ad

Recently uploaded (20)

PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Cloud computing and distributed systems.
kkkkkhan
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 

SQL Injection