Presentation is loading. Please wait.

Presentation is loading. Please wait.

Peter Torres, Tim Poley CS526 Spring 2009.  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Peter Torres, Tim Poley CS526 Spring 2009.  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo."— Presentation transcript:

1 Peter Torres, Tim Poley CS526 Spring 2009

2  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo

3  SQL Injection is a code injection technique that exploits a security vulnerability at an applications database access layer.

4 1. Statement = "SELECT * FROM users WHERE name = '" + userName + "';" 2. Substitute “a' or 't'='t” instead of a real username 3. SELECT * FROM users WHERE name = 'a' OR 't'='t';

5  In July of 2005, Erin McCarty hacked the University of Southern California’s application website  Used the user login page to send commands directly to the school database  Access to names, birth dates, addresses, and social security numbers of any student who filled out an online application  McCarty faces a possible 10yr prison sentence

6  On August 12 th, 2007 the United Nations website was defaced by hackers

7  Type Checking  Make sure an 8 digit number is an 8 digit number  Escaping Special Characters  ;‘-  Data Hashing  Error Suppression  Hide information from hackers  Prepared Statements  Fix the SQL Statement before assigning user data

8

9  Database Programming with JDBC and Java 2 nd Edition; George Reese, O’Reilly  Hackademix – United Nations vs. SQL Injection http://hackademix.net/2007/08/12/united- nations-vs-sql-injections/ http://hackademix.net/2007/08/12/united- nations-vs-sql-injections/  Security Focus http://www.securityfocus.com/brief/191 http://www.securityfocus.com/brief/191  Wikipedia – SQL Injection http://en.wikipedia.org/wiki/Sql_injection http://en.wikipedia.org/wiki/Sql_injection

Download ppt "Peter Torres, Tim Poley CS526 Spring 2009.  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo."

Similar presentations

SQL Injection Stephen Frein Comcast.

SQL Injection Stephen Frein Comcast.
Understand Database Security Concepts

Understand Database Security Concepts
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.

Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.

SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.
DotNet Market Web Site “EMarket” Milena Natanov Project Supervisor: Victor Kulikov Lab Chief Engineer: Dr. Ilana David Semester spring, 2006 044167 – Project.

DotNet Market Web Site “EMarket” Milena Natanov Project Supervisor: Victor Kulikov Lab Chief Engineer: Dr. Ilana David Semester spring, – Project.
Misc. Announcements Backup your work! Document team members’ contributions (so that if there is any dispute …) More Bonus credits: Create screencasts for.

Misc. Announcements Backup your work! Document team members’ contributions (so that if there is any dispute …) More Bonus credits: Create screencasts for.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
SQL-Injection attacks Damir Lizdek & Dan Rundlöf Language-based security.

SQL-Injection attacks Damir Lizdek & Dan Rundlöf Language-based security.
Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.

Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Proposed Website By Raymond Chieng and Tim. This website design is based on a local Chinese restaurant which basically need to facilitate online ordering.

Proposed Website By Raymond Chieng and Tim. This website design is based on a local Chinese restaurant which basically need to facilitate online ordering.
Sql Server Advanced Features MIS 424 Professor Sandvig.

Sql Server Advanced Features MIS 424 Professor Sandvig.
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.

Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
SQL Injection Timmothy Boyd CSE 7330.

SQL Injection Timmothy Boyd CSE 7330.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.

Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.

Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

Similar presentations

Ads by Google