-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.


1 -Ajay Babu.D y5cs022.

2 Contents
- Who is a hacker?
- History of hacking
- Types of hacking
- Do you know?
- What do hackers do? Some examples of Web application hacking
- How can we protect the system?
- What should we do after being hacked?

3 Who is a hacker?
- Hack: examine something very minutely
- Hacker: the person who hacks
- Cracker: system intruder/destroyer

4 History of hacking
- Telephone hacking
  - Use the telephone freely
  - It's called phreaking
- Computer virus
  - Destroy many computers
- Network hacking
  - Hack the important server remotely and destroy/modify/disclose the information

5 Types of hacking
- Normal data transfer
- Interruption
- Interception
- Modification
- Fabrication

6 Do you know?
- 75% of attacks today happen at the application layer (Gartner). Desktop augmented by Network and then Web Application Security.
- Many "easy hacking recipes" are published on the web.
- 3 out of 4 vendor apps that were tested had serious SQL Injection bugs!
- "The cost of correcting code in production increases up to 100 times as compared to in development..."

7 What do hackers do?
A few examples of Web application hacks:
- SQL Injection
- Cross-site Scripting (#1 threat today!)

8 SQL Injection Attacks
"SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements." (Wikipedia)

9 SQL Injection Attacks
Example of attack:

SQL query in Web application code:

    "SELECT * FROM users WHERE login = '" + username + "' and password= '" + password + "';"

Hacker logs in as: ' or '' = ''; --

    SELECT * FROM users WHERE login = '' or '' = ''; --' and password= '';

Hacker deletes the users table with: ' or '' = ''; DROP TABLE users; --

    SELECT * FROM users WHERE login = '' or '' = ''; DROP TABLE users; --' and password= '';

SQL Injection examples are outlined in:
- http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
- http://www.unixwiz.net/techtips/sql-injection.html

10 SQL Injection Attacks Demo

13 Cross-Site Scripting (XSS) Attacks

14 XSS: Script Injection Demo

16 Preventing SQL injection and XSS
- SCRUB error handling: error messages divulge information that can be used by a hacker…
- VALIDATE all user-entered parameters
- CHECK data types and lengths
- DISALLOW unwanted data (e.g. HTML tags, JavaScript)
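Added example (not part of the presentation): the login query from slide 9 run against an in-memory SQLite database, beside a version that applies slide 16's type and length checks and, going beyond the slide, bound parameters. The table contents, `MAX_LEN` and the function names are assumptions made for this example.

```python
import sqlite3

MAX_LEN = 64  # assumed length limit for this example


def make_db():
    """In-memory database holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to mirror the slide's query; store a salted hash in practice.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "s3cret"))
    return db


def login_vulnerable(db, username, password):
    # Same construction as slide 9: input is spliced into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    query = ("SELECT * FROM users WHERE login = '" + username +
             "' and password = '" + password + "';")
    return db.execute(query).fetchone() is not None


def login_safe(db, username, password):
    # CHECK data types and lengths before touching the database.
    for value in (username, password):
        if not isinstance(value, str) or not 0 < len(value) <= MAX_LEN:
            return False
    # Bound parameters: values travel separately from the SQL text,
    # so quotes and comment markers are compared as data, never parsed.
    row = db.execute(
        "SELECT 1 FROM users WHERE login = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo():
    db = make_db()
    payload = "' or '' = ''; --"  # the login string shown on slide 9
    results = {
        "vulnerable_valid": login_vulnerable(db, "alice", "s3cret"),
        "vulnerable_payload": login_vulnerable(db, payload, ""),
        "safe_valid": login_safe(db, "alice", "s3cret"),
        "safe_payload": login_safe(db, payload, "anything"),
    }
    db.close()
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'login accepted' if accepted else 'login rejected'}")
```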

17 How can we protect the system?
- Encrypt important data
  - Ex) pgp, ssh
- Do not run unused information
- Remove unused programs
- Set up a firewall
  - Ex) IP chain
- Check for unintentional changes
- Back up the system often

18 What should we do after being hacked?
- Shut down the system
  - Or turn off the system
- Separate the system from the network
- Restore the system from the backup
  - Or reinstall all programs
- It can be good to report to the police

19 Thank you -Ajay Babu.D Y5cs022.

