Brute force attacks, DDOS, Botnet, Exploit, SQL injection

Presentation transcript:

Systems Security
Attacking Systems
Keywords: Brute force attacks, DDOS, Botnet, Exploit, SQL injection

Attacks

Objectives
BEGINNER: Understand the meaning of DDOS and brute force attacks and explain the effects.
ADVANCED: State how vulnerabilities can be exploited and how to protect against them.
EXPERT: Understand the concept of SQL injection.

Starter activity
Define:
Brute Force Attack
DDOS

Definitions

Brute Force Attack: Trial and error method. Can be used for gaining access to password-based entry systems. Consists of an attacker trying possible passwords and passphrases until a correct one is found.

DDOS: Overloading a website with unwanted traffic. Uses a number of computers over a network of infected machines, which send requests to a website in order to bring it offline. Used as a ‘botnet’.

Starter activity
Define: SQL Injection
What are the effects of a successful attack?

SQL Injection Definition

Where an attacker can execute malicious SQL statements using software which controls a database management system.
Can affect websites that use SQL-based databases.
Companies that use SQL include Google, YouTube, PayPal, eBay, Cisco.
Exploits that have been identified must be patched quickly to reduce the impact on businesses; it is therefore important for organisations to update infrastructure regularly.
By exploiting the vulnerabilities of SQL through injection, attackers could access systems containing customer data, intellectual property and other sensitive information.

SQL Injection Definition

What is needed to carry out an SQL injection?
A relational database using SQL at the time of the attack.
Malicious code to be used in an SQL query when it is run, in order for the injection attack to take place.

The effects of a successful attack:
Should an attacker gain access to the database, they could:
Bypass authentication procedures and impersonate specific users.
Execute queries, exposing data.
Alter data, resulting in data integrity issues.
Delete data.
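
The slides say input can become part of an SQL query and bypass authentication; the added example below (not part of the original presentation) puts a login check built by string concatenation next to the same check using a parameterized query. The table, function names and sample input are constructed for illustration, and the use of Python's sqlite3 module with an in-memory database is an assumption.

```python
import hashlib
import sqlite3

def pw_hash(password):
    # Constructed for the demo; a real system would use a salted, slow password hash.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    # In-memory database with two constructed accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", pw_hash("correct horse")), ("bob", pw_hash("battery staple"))],
    )
    return conn

def login_vulnerable(conn, username, password):
    # BEFORE: input is pasted into the SQL text, so it can change the query itself.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(conn, username, password):
    # AFTER: placeholders keep input as data; it is never parsed as SQL.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None

def compare(username, password):
    # Returns (result of concatenated query, result of parameterized query).
    conn = make_db()
    try:
        return (login_vulnerable(conn, username, password),
                login_parameterized(conn, username, password))
    finally:
        conn.close()

# Constructed test input: the quote ends the string literal and "--"
# turns the password check into an SQL comment.
CRAFTED_USERNAME = "alice' --"

if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", "wrong"),
                     (CRAFTED_USERNAME, "wrong")]:
        print(repr(user), compare(user, pw))
```

Only the concatenated query logs the crafted input in as alice without the password; the parameterized query looks for a user literally named `alice' --` and finds none.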