Presentation transcript:

-Ajay Babu.D y5cs022.

Contents
- Who is a hacker?
- History of hacking
- Types of hacking
- Do you know?
- What do hackers do? Some examples of web application hacking
- How can we protect the system?
- What should you do after being hacked?

Who is a hacker?
- Hack: examine something very minutely
- Hacker: the person who hacks
- Cracker: system intruder/destroyer

History of hacking
- Telephone hacking: use the telephone freely; it's called phreaking
- Computer virus: destroy many computers
- Network hacking: hack the important server remotely and destroy/modify/disclose the information

Types of hacking
- Normal data transfer
- Interruption
- Interception
- Modification
- Fabrication

Do you know?
- 75% of attacks today happen at the application layer (Gartner). Desktop security was augmented by network security and then by web application security.
- Many "easy hacking recipes" are published on the web.
- 3 out of 4 vendor apps that were tested had serious SQL Injection bugs!
- "The cost of correcting code in production increases up to 100 times as compared to in development..."

What do hackers do? A few examples of web application hacks:
- SQL Injection
- Cross-site Scripting (#1 threat today!)

SQL Injection Attacks

"SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements." (Wikipedia)

SQL Injection Attacks

Example of attack. SQL query in web application code:

"SELECT * FROM users WHERE login = '" + username + "' and password= '" + password + "';"

Hacker logs in as: ' or '' = ''; --

Resulting query:
SELECT * FROM users WHERE login = '' or '' = ''; --'; and password='';

Hacker deletes the users table with: ' or '' = ''; DROP TABLE users; --

Resulting query:
SELECT * FROM users WHERE login = '' or ''=''; DROP TABLE users; --'; and password='';

SQL Injection examples are outlined in:

SQL Injection Attacks Demo

Cross-Site Scripting (XSS) Attacks

XSS: Script Injection Demo

Preventing SQL injection and XSS
- SCRUB error handling: error messages divulge information that can be used by a hacker
- VALIDATE all user-entered parameters
- CHECK data types and lengths
- DISALLOW unwanted data (e.g. HTML tags, JavaScript)
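As an added example (not from the slides), the concatenated login query from the SQL Injection slide beside its parameterised form, run against a constructed SQLite table, plus a validation function for the CHECK/DISALLOW steps above. make_db, login_vulnerable, login_safe and validate_username are hypothetical names; the user row and the 32-character limit are assumptions.

```python
import re
import sqlite3

# Constructed sample table: one user row; the plaintext password column only mirrors the
# slide's query shape (a real system stores a salted hash, not the password itself).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn

def login_vulnerable(conn, username, password):
    """String concatenation, as on the slide: the input becomes part of the SQL text,
    so a quote in the input closes the literal and the rest is parsed as SQL."""
    sql = ("SELECT * FROM users WHERE login = '" + username +
           "' and password = '" + password + "'")
    return conn.execute(sql).fetchall()

def login_safe(conn, username, password):
    """Parameterised query: the driver binds the input as data, never as SQL syntax,
    so the same payload is compared literally against the login column and matches nothing."""
    sql = "SELECT * FROM users WHERE login = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchall()

MAX_LEN = 32  # assumed upper bound for a login name

def validate_username(value):
    """The slide's CHECK and DISALLOW steps: correct type, bounded length, and an allow-list
    of characters that rules out quotes, semicolons and HTML/JavaScript tag characters."""
    if not isinstance(value, str) or not value or len(value) > MAX_LEN:
        return False
    return re.fullmatch(r"[A-Za-z0-9_.-]+", value) is not None

if __name__ == "__main__":
    conn = make_db()
    payload = "' or '' = ''; --"  # the login string from the slide
    print("concatenated:", login_vulnerable(conn, payload, ""))  # returns alice's row
    print("parameterised:", login_safe(conn, payload, ""))       # returns []
    print("validated:", validate_username(payload))              # False
```

The sqlite3 module rejects a second stacked statement in execute(), so the slide's DROP TABLE variant fails here for a driver-specific reason; parameterisation and validation are the defenses that hold regardless of driver.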

How can we protect the system?
- Encrypt important data (ex: pgp, ssh)
- Do not run unused information
- Remove unused programs
- Set up a firewall (ex: ipchains)
- Check for unintentional changes
- Back up the system often

What should you do after being hacked?
- Shut down the system, or turn off the system
- Separate the system from the network
- Restore the system from the backup, or reinstall all programs
- It can be good to report it to the police

Thank you -Ajay Babu.D Y5cs022.