SEMINAR ABSTRACT
ON
SQL INJECTION
Submitted By,
Sanal.S
S5MCA.A
Roll No: 43
ABSTRACT
SQL injection attacks pose a serious security threat to Web applications:
they allow attackers to obtain unrestricted access to the databases underlying the
applications and to the potentially sensitive information these databases contain. Although
researchers and practitioners have proposed various methods to address the SQL injection
problem, current approaches either fail to address the full scope of the problem or have
limitations that prevent their use and adoption. Many researchers and practitioners are
familiar with only a subset of the wide range of techniques available to attackers who are
trying to take advantage of SQL injection vulnerabilities. As a consequence, many solutions
proposed in the literature address only some of the issues related to SQL injection. To
address this problem, we present an extensive review of the different types of SQL injection
attacks known to date. For each type of attack, we provide descriptions and examples of
how attacks of that type could be performed. We also present and analyze existing detection
and prevention techniques against SQL injection attacks. For each technique, we discuss
its strengths and weaknesses in addressing the entire range of SQL injection attacks.
This paper contains information about this extremely popular database
attack. Most of today's web applications require dynamic content and input from users to
achieve the same appeal as traditional applications within the desktop operating
systems. This is achieved by using languages such as SQL the most common being
MySQL. The attacker can gain unauthorized access to restricted data such as
usernames /passwords/email addresses etc. Using SQL injections, attackers can: Add new
data to the database. With some more advanced queries and tricky techniques the attacker
can potentially bypass the authentication and gain complete control over the web
application and potentially the web server. Perform an INSERT in the injected SQL-
Modify data currently in the database. Perform an UPDATE in the injected SQL - Often
can gain access to other users system capabilities by obtaining their password. Could be
embarrassing to find yourself selling politically incorrect items on an e-Commerce site.
Potrebbero piacerti anche
- Esij Setsrw Mca Saec05Documento4 pagineEsij Setsrw Mca Saec05ssNessuna valutazione finora
- SQL Injection ThesisDocumento8 pagineSQL Injection Thesispattybuckleyomaha100% (1)
- Reference 4 - Year 2013Documento6 pagineReference 4 - Year 2013abenezer ketemaNessuna valutazione finora
- Detection and Prevention of SQL Injection Attacks On Web ApplicationsDocumento7 pagineDetection and Prevention of SQL Injection Attacks On Web ApplicationsToheed Ejaz KhanNessuna valutazione finora
- Injection Attacks SQL InjectionDocumento6 pagineInjection Attacks SQL InjectionAkshat PattiwarNessuna valutazione finora
- Be Cyber AwareDocumento4 pagineBe Cyber AwareJales JaqueNessuna valutazione finora
- Singh - Analysis of SQLDocumento19 pagineSingh - Analysis of SQLAgustin galliNessuna valutazione finora
- Detection and Prevention of SQL Injectio PDFDocumento5 pagineDetection and Prevention of SQL Injectio PDFPramono PramonoNessuna valutazione finora
- SQL Injection Ethical Hacking GuideDocumento2 pagineSQL Injection Ethical Hacking GuideIan NdumiaNessuna valutazione finora
- RamificationAnalysisOfSQL InjectionDDocumento7 pagineRamificationAnalysisOfSQL InjectionDmichel.bernard.hackNessuna valutazione finora
- SQL Injection Detection and Prevention Techniques: University Technology MalaysiaDocumento8 pagineSQL Injection Detection and Prevention Techniques: University Technology MalaysiaPramono PramonoNessuna valutazione finora
- Literature Review On SQL InjectionDocumento8 pagineLiterature Review On SQL Injectionbsdavcvkg100% (1)
- Study On SQL Injection Attacks: Mode, Detection and PreventionDocumento7 pagineStudy On SQL Injection Attacks: Mode, Detection and PreventionssNessuna valutazione finora
- Research Paper SQL InjectionDocumento7 pagineResearch Paper SQL Injectioncjyjcyakf50% (2)
- SQL Injection Research Paper 2014Documento4 pagineSQL Injection Research Paper 2014asfhzehkf100% (1)
- Literature Review SQL InjectionDocumento5 pagineLiterature Review SQL Injectiongw1nm9nb100% (1)
- Detection of SQL Injection-Katole2018Documento6 pagineDetection of SQL Injection-Katole2018rafiNessuna valutazione finora
- SQL InjectionDocumento3 pagineSQL Injectiondanieldamalie9Nessuna valutazione finora
- SQL Injection DocumentationDocumento8 pagineSQL Injection Documentationahmed.nistas2001Nessuna valutazione finora
- Mini Project On Information and Cyber Security: SQL (Structured Query Language) InjectionDocumento9 pagineMini Project On Information and Cyber Security: SQL (Structured Query Language) Injectioncyan whiteNessuna valutazione finora
- Review Vijitha Presentation2Documento14 pagineReview Vijitha Presentation2vt vuyyuruNessuna valutazione finora
- Prevention of SQL Injection Using WhitelistingDocumento7 paginePrevention of SQL Injection Using WhitelistingIJRASETPublicationsNessuna valutazione finora
- B1e0 PDFDocumento13 pagineB1e0 PDFAnish AmatyaNessuna valutazione finora
- 6 FINAL KhaleelAhmad 2 ResearchCommunication Dec 2010Documento9 pagine6 FINAL KhaleelAhmad 2 ResearchCommunication Dec 2010Pankaj SinghNessuna valutazione finora
- Practical-6: SQL Injection OverviewDocumento6 paginePractical-6: SQL Injection OverviewAkash KataraNessuna valutazione finora
- Efficient Solution For SQL Injection Attack Detection and PreventionDocumento4 pagineEfficient Solution For SQL Injection Attack Detection and PreventionKarthik SNessuna valutazione finora
- SQL Injection Cheat SheetDocumento6 pagineSQL Injection Cheat SheetqabiswajitNessuna valutazione finora
- Thesis On SQL Injection AttackDocumento4 pagineThesis On SQL Injection Attackashleyallenshreveport100% (2)
- Reference 1 - 2017Documento13 pagineReference 1 - 2017abenezer ketemaNessuna valutazione finora
- A Review On SQL Injection Prevention Technique: Navu - Verma@yahoo - inDocumento6 pagineA Review On SQL Injection Prevention Technique: Navu - Verma@yahoo - inPankaj JindalNessuna valutazione finora
- SQL Injection Monitoring Security Vulnerabilities in Web ApplicationsDocumento6 pagineSQL Injection Monitoring Security Vulnerabilities in Web ApplicationsInternational Journal of Application or Innovation in Engineering & ManagementNessuna valutazione finora
- SQL InjectionDocumento4 pagineSQL InjectionAbdulkerimNessuna valutazione finora
- SSRN Id3141112Documento6 pagineSSRN Id3141112anisharoysamantNessuna valutazione finora
- The SQL Injection Technique: Fawaz AhmadDocumento2 pagineThe SQL Injection Technique: Fawaz Ahmadfawaz.gumbatNessuna valutazione finora
- SQL Injection Prevention PDFDocumento7 pagineSQL Injection Prevention PDFPramono PramonoNessuna valutazione finora
- InjectionDocumento1 paginaInjectionMulugeta Tesfaye TadesseNessuna valutazione finora
- INFS 311 AssignmentDocumento17 pagineINFS 311 AssignmentdumsaniNessuna valutazione finora
- SQL Injection: What Is It?Documento8 pagineSQL Injection: What Is It?Shabari GirishNessuna valutazione finora
- Integrigy Intro To SQL Injection AttacksDocumento24 pagineIntegrigy Intro To SQL Injection Attackskervin_dominguezNessuna valutazione finora
- Term Paper On SQL InjectionDocumento6 pagineTerm Paper On SQL InjectionaflspbnyuNessuna valutazione finora
- Task 12Documento5 pagineTask 12Sridhar PNessuna valutazione finora
- Manual SQL InjectionDocumento14 pagineManual SQL InjectionDigital WorldNessuna valutazione finora
- SQL Injection: Bachelor of TechnologyDocumento17 pagineSQL Injection: Bachelor of TechnologyMuqheed ShaikNessuna valutazione finora
- Reveiw of Tools Against Vulnerabilies in Web ApplicationsDocumento4 pagineReveiw of Tools Against Vulnerabilies in Web ApplicationsNilesh KunhareNessuna valutazione finora
- SQL Injection Types of SQL Injection Sniffing Working of SniffingDocumento9 pagineSQL Injection Types of SQL Injection Sniffing Working of SniffingFaryal AftabNessuna valutazione finora
- Backend Sec ApplicationDocumento183 pagineBackend Sec ApplicationKhusal PhogatNessuna valutazione finora
- Detection of SQL Injection Using Machine Learning: A SurveyDocumento8 pagineDetection of SQL Injection Using Machine Learning: A SurveyPramono PramonoNessuna valutazione finora
- Hacking Web SQL Injection PDFDocumento3 pagineHacking Web SQL Injection PDFFernandoNessuna valutazione finora
- Amnesia: Analysis and Monitoring For Neutralizing Sql-Injection AttacksDocumento10 pagineAmnesia: Analysis and Monitoring For Neutralizing Sql-Injection AttacksRossy ArtantiNessuna valutazione finora
- Framework of SQL Injection Attack: IJASCSE Vol 1 Issue 1 2012Documento12 pagineFramework of SQL Injection Attack: IJASCSE Vol 1 Issue 1 2012IJASCSENessuna valutazione finora
- A Method of Detecting SQL Injection Attack To Secure Web ApplicationsDocumento9 pagineA Method of Detecting SQL Injection Attack To Secure Web ApplicationsUsman AliNessuna valutazione finora
- curator,+CISSE v06 I01 p02 PDFDocumento24 paginecurator,+CISSE v06 I01 p02 PDFDaniel MopoNessuna valutazione finora
- OWASP Backend Security Project 1.0betaDocumento184 pagineOWASP Backend Security Project 1.0betaMobile TesterNessuna valutazione finora
- WP SQL Injection 20Documento11 pagineWP SQL Injection 20Abdul Basit ZulkefliNessuna valutazione finora
- Case Study On SQL InjectionDocumento5 pagineCase Study On SQL InjectionAtiya SharfNessuna valutazione finora
- Review of SQL Injection: Problems and Prevention: VOL 2 (2018) NO 3 - 2 e-ISSN: 2549-9904 ISSN: 2549-9610Documento5 pagineReview of SQL Injection: Problems and Prevention: VOL 2 (2018) NO 3 - 2 e-ISSN: 2549-9904 ISSN: 2549-9610Ayura Safa ChintamiNessuna valutazione finora
- Mehta 2015Documento15 pagineMehta 2015Jessica UrquizoNessuna valutazione finora
- Securing SQL Server: Protecting Your Database from AttackersDa EverandSecuring SQL Server: Protecting Your Database from AttackersNessuna valutazione finora
- Tugas English 3Documento2 pagineTugas English 33751Muhammad RizqiNessuna valutazione finora
- The Magical Number 5: Towards A Theory of Everything?Documento27 pagineThe Magical Number 5: Towards A Theory of Everything?cesarfrancaNessuna valutazione finora
- Analisa AgriculturalDocumento6 pagineAnalisa AgriculturalFEBRINA SARLINDA, STNessuna valutazione finora
- Bibliography and FootnotesDocumento2 pagineBibliography and FootnotesHannah de VeraNessuna valutazione finora
- Q1 Practical Research 2 - Module 1bDocumento15 pagineQ1 Practical Research 2 - Module 1bRhea Mae MacabodbodNessuna valutazione finora
- Vocology For The Singing Voice PDFDocumento120 pagineVocology For The Singing Voice PDFNathalia Parra Garza100% (2)
- Anger Management: Gaurav Sharma 138Documento21 pagineAnger Management: Gaurav Sharma 138gaurav_sharma_19900Nessuna valutazione finora
- Summative 1Documento4 pagineSummative 1Nean YsabelleNessuna valutazione finora
- Theories of PersonalityDocumento4 pagineTheories of PersonalityKeshav JhaNessuna valutazione finora
- Books & PeriodicalsDocumento1 paginaBooks & PeriodicalsDebabrat MishraNessuna valutazione finora
- 2017 Reviving Tribal Tattoo TraditionsDocumento3 pagine2017 Reviving Tribal Tattoo Traditions高權梁Nessuna valutazione finora
- Compressor-Less: Historical ApplicationsDocumento70 pagineCompressor-Less: Historical Applicationssuryakantshrotriya100% (1)
- The First-Fourth Books of The HitopadésaDocumento116 pagineThe First-Fourth Books of The HitopadésaMiguel RosaNessuna valutazione finora
- NIELIT Recruitment For Scientist and Technical Assistants 2017 Official NotificationDocumento6 pagineNIELIT Recruitment For Scientist and Technical Assistants 2017 Official NotificationKshitija100% (1)
- Silenat Berhanu SimaDocumento6 pagineSilenat Berhanu SimaSilenat BerhanuNessuna valutazione finora
- Anaximenes of MiletusDocumento4 pagineAnaximenes of MiletusRosel Gonzalo-AquinoNessuna valutazione finora
- Examiners' Report Principal Examiner Feedback January 2018Documento7 pagineExaminers' Report Principal Examiner Feedback January 2018WandaNessuna valutazione finora
- TM 9-1425-429-12-HR - Stinger - Training - Set - 1983 PDFDocumento34 pagineTM 9-1425-429-12-HR - Stinger - Training - Set - 1983 PDFWurzel1946Nessuna valutazione finora
- Cable Systems For High and Extra-High Voltage: Development, Manufacture, Testing, Installation and Operation of Cables and Their AccessoriesDocumento1 paginaCable Systems For High and Extra-High Voltage: Development, Manufacture, Testing, Installation and Operation of Cables and Their AccessorieseddisonfhNessuna valutazione finora
- THE INDIAN NAVY - Artificer Apprentice & Senior Secondary Recruit PDFDocumento3 pagineTHE INDIAN NAVY - Artificer Apprentice & Senior Secondary Recruit PDFUjjwalNessuna valutazione finora
- Cocoon 8002 PDFDocumento24 pagineCocoon 8002 PDFaxisNessuna valutazione finora
- Differential Settlement at Bridge ApproaDocumento5 pagineDifferential Settlement at Bridge ApproaVictor De los ReyesNessuna valutazione finora
- pm2 5 Sensor 201605Documento6 paginepm2 5 Sensor 201605Vennela NandikondaNessuna valutazione finora
- Palmiye Leaflet 2015 enDocumento4 paginePalmiye Leaflet 2015 ensaraju_felixNessuna valutazione finora
- Fire Alarm SymbolsDocumento6 pagineFire Alarm Symbolscarlos vasquezNessuna valutazione finora
- Law of DemandDocumento16 pagineLaw of DemandARUN KUMARNessuna valutazione finora
- Relations Between Lean Management and Organizational StructuresDocumento12 pagineRelations Between Lean Management and Organizational StructuresRENE JAVIER PACHECO SALASNessuna valutazione finora
- Beamforming For 4.9G/5G Networks: Exploiting Massive MIMO and Active Antenna TechnologiesDocumento12 pagineBeamforming For 4.9G/5G Networks: Exploiting Massive MIMO and Active Antenna TechnologiesAymen Ben zinebNessuna valutazione finora
- Thursday / January 2019 Thursday / January 2019Documento572 pagineThursday / January 2019 Thursday / January 2019Zie EikinNessuna valutazione finora
- 141 ISACA NACACS Auditing IT Projects Audit ProgramDocumento86 pagine141 ISACA NACACS Auditing IT Projects Audit Programkautaliya100% (6)
