SQL Injection Attacks - PowerPoint PPT Presentation

About This Presentation
Title:

SQL Injection Attacks

Description:

A SQL injection attack occurs through the insertion and execution of malicious SQL statements in an entry field of a data-driven application. It exploits security-related vulnerabilities in the application's software.

Slides: 15
Provided by: htshosting

Transcript and Presenter's Notes

1
SQL Injection Attacks
2
Table of Contents
  • Database
  • SQL
  • RDBMS
  • Uses of SQL
  • Applications of SQL
  • SQL Commands
  • SQL Injection
  • SQL Injections Categories
  • SQL Injection Attacks Impact
  • Examples of SQL Injection

3
DATABASE
  • Any structured information or data that is in the
    form of an organized collection and typically
    stored electronically is referred to as a
    database. A database management system (DBMS)
    usually controls a database. The data and the
    database management system along with the
    associated applications are known as the database
    system. Data that is in most of the databases is
    modelled in such a way that makes it easy to
    process and renders data querying efficient.
  • The data in a database can be accessed, managed,
    modified, updated, controlled and organized
    easily and efficiently. SQL (Structured Query
    Language) is used by most databases for the
    purpose of writing and querying data.
  • To digress, website data is stored on the web
    servers of web hosting companies. The best web
    hosts are often referred to as the Best Windows
    Hosting Company, the Best Linux Hosting Company
    or the Top Cloud Hosting Company.

4
SQL
  • SQL is the abbreviation for Structured Query
    Language. Almost all the relational databases
    use the programming language, SQL, for querying,
    manipulating as well as defining data and
    providing access control. Despite being an
    ANSI/ISO standard, there are various versions of
    the SQL language.

5

RDBMS
  • RDBMS is the abbreviation for Relational Database
    Management System. It is a database in which data
    is stored in tables, so that the data can be used
    in relation to other stored datasets. Most of the
    databases that are used by businesses are
    relational databases. RDBMS serves as the basis
    for SQL as well as for all modern database
    systems.

6
Uses of SQL
  • The uses of SQL are mentioned below. These uses
    shed light on the operations that are performed
    with regard to a database.
  • A new database can be created with SQL
  • New data can be inserted in the database
  • Previous data can be modified or updated
  • Data can be retrieved from the database
  • Data can be deleted
  • A new table can be created in one database and it
    can be dropped as well
  • Permissions can be set for tables, procedures
    and views
  • Functions, views and stored procedures can be
    created

7
Applications of SQL
A few of the applications of SQL are mentioned
below. SQL functions as a Data Definition Language
(DDL). Hence, it can be used to create a database
independently and to define its structure.
It is a Data Control Language (DCL) that is used
to determine the way in which a database
can be protected against corruption and misuse. SQL
acts as a Data Manipulation Language (DML). This
helps to maintain a database that already
exists. It is used widely as a client/server
language. It can be used with regard to
the three-tier design that characterizes the
Internet architecture.
9
SQL Commands
  • SQL commands can be divided into 3 categories
    according to the work they do. These are
    mentioned below.
  • Data Definition Language (DDL): DDL has three
    parts, which are create, alter and drop. Create
    is used to create a new object in a database.
    Alter is used for modifying objects in a
    database. Drop is used to delete an object.
  • Data Manipulation Language (DML): DML has 4
    parts, which are select, insert, update and
    delete. Select is used to retrieve one or more
    records. A new record can be entered by using
    Insert. Update is used to modify a record. By
    using Delete a record can be deleted.
  • Data Control Language (DCL): DCL has 2 parts,
    which are grant and revoke. Grant gives
    permission to users. Revoke is used to deny
    permission.

10
SQL Injection
  • SQL injection refers to a code injection
    technique in which malicious code is inserted
    into SQL statements through web page input. It
    is used for the purpose of attacking
    data-driven applications by inserting malicious
    SQL statements into an entry field for execution.
    It is used frequently as a web hacking technique.
    In it, arbitrary SQL commands are inserted into
    the queries that a web application makes to its
    database.
  • SQL injection exploits a security vulnerability
    that exists in an application's software. It is
    known to be an attack vector for websites but it
    can be used to attack any type of SQL database.
    With the aid of SQL injection, attackers can
    spoof identity as well as tamper with existing
    data. It can be used to cause repudiation issues.

11
SQL Injections Categories
  • There are 3 major categories of SQL injections
    which are mentioned below.
  • In-band SQLi- It takes place when an attacker
    uses a single communication channel to launch an
    attack and gather results.
  • Inferential SQLi- In it an attacker can
    reconstruct the database structure. This is done
    by sending payloads and observing the response
    of the web application and the database server's
    resulting behavior.
  • Out-of-band SQLi- It occurs in the event that an
    attacker is unable to make use of the same
    channel for launching an attack and gathering the
    results.

12
SQL Injection Attacks Impact
  • An SQL injection attack that is successful leads
    to the following-
  • Unauthorized access to sensitive data
  • Damage to reputation
  • Regulatory fines

13
Examples of SQL Injection
  • The most common examples of SQL injection are
    mentioned below.
  • Retrieving hidden data- In it an SQL query can be
    modified to return additional results.
  • Subverting application logic- In it a query can
    be changed to interfere with the application's
    logic.
  • UNION attacks- It retrieves data from various
    database tables.
  • Examining the database- Information related to
    the version and structure of a database can be
    extracted.
  • Blind SQL injection- In it the results of the
    query that is being controlled are not returned
    in the responses of the application.
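
The "Subverting application logic" and "Retrieving hidden data" cases above come down to user input being pasted into the SQL text. The following is an added example, not part of the original presentation: it runs the same inputs through a concatenated query and a parameterized query against a constructed in-memory SQLite table. The table, function names and sample values are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, used only for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def login_concatenated(db, name, password):
    # Vulnerable form: input becomes part of the SQL text, so a quote
    # in the input ends the string literal and alters the WHERE clause.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in db.execute(sql))

def login_parameterized(db, name, password):
    # Hardened form: the SQL text is fixed and the driver binds the
    # input as data, so quotes in it cannot change the query.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))

def compare(name, password):
    """Run both forms on the same input and report what each returns."""
    db = make_db()
    results = {}
    for label, fn in (("concatenated", login_concatenated),
                      ("parameterized", login_parameterized)):
        try:
            results[label] = fn(db, name, password)
        except sqlite3.OperationalError:
            # A stray quote produced invalid SQL; such errors in
            # application logs are a sign of unparameterized queries.
            results[label] = "SQL error"
    return results

if __name__ == "__main__":
    print(compare("alice", "a-secret"))      # both forms agree
    print(compare("alice", "' OR '1'='1"))   # only the concatenated form matches rows
    print(compare("O'Brien", "x"))           # a legitimate apostrophe breaks concatenation
```

The third call shows that the concatenated form also fails on ordinary input containing an apostrophe, which is often the first visible symptom of the flaw.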

14
Thanks!
  • ANY QUESTIONS?
  • You can find me at
  • www.htshosting.org

  • support_at_htshosting.org