SQL INJECTION AND PREVENTION
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#1
01-03-2011, 11:49 AM



.pptx   SQL INJECTION AND PREVENTION.pptx (Size: 557.4 KB / Downloads: 116)
SQL INJECTION AND PREVENTION
WHAT IS SQL?

• SQL stands for STRUCTURED QUERY LANGUAGE.
• Structured Query Language ('SQL') is a textual language used to interact with relational databases.
• SQL is used to make websites.
• The original version, called SEQUEL (structured English query language), was designed by an IBM research center in 1974 and 1975.
• There are several ANSI/ISO standards, such as ANSI 92, one of the most popular.
• SQL is a universal language of databases that allows the storage, manipulation, and retrieval of data.
• Database is maintained in table form.
• SQL can perform:
o Execute queries against database.
o Retrieve data from the database.
o Insert new record in database.
o Delete a record from database.
o Update records in the database.
SQL falls into two classes:
• Data Manipulation Language (DML) - SQL for retrieving and storing data.
• Data Design Language (DDL) - SQL for creating, altering and dropping tables.
• Databases that use SQL include MS SQL Server, MySQL, Oracle, Access and Filemaker Pro.
Tables
• In an SQL database there are tables which store information.
• Tables can store any information on a website, ranging from usernames, passwords, and addresses, to text displayed on a webpage, such as a link or page header.
• Tables have columns in which the records (information) are kept.
• Each table has a name and each column has a name.
• Figure A below shows an example table*
• The table's name is "Names" and its columns' names are "FIRST" and "LAST".
• This table is storing the names of people; there are two total records, "John Doe" and "Jane Smith".
SQL QUERIES:
• The typical unit of execution of SQL is the query.
• An SQL query is a request for some action to be performed on a database.
• It is a collection of statements that typically return a single result set.
• Using a query such as this:
SELECT lastname
FROM users
WHERE userid=1;
• will retrieve the lastname from the user table where id is 1.
SQL injection
• SQL injection is a type of security exploit in which the attacker adds SQL statements through a web application's input fields or hidden parameters to gain access to resources or make changes to data.
• SQL injection attacks are also known as SQL insertion attacks.
• SQL Injection is a technique to hack the database.
• SQL injection is not a direct database problem but rather an application issue that indirectly affects the database system.
• SQL injection is currently the most common form of website attack.
Reply
seminar addict
Super Moderator
******

Posts: 6,592
Joined: Jul 2011
#2
10-02-2012, 11:04 AM

To get information about the topic SQL injection attack prevention (full report, ppt and related topics), refer to the links below:

topicideashow-to-prevention-of-sql-injection-and-data-thefts-using-divide-and-conquer-approach

topicideashow-to-sql-injection-and-prevention?pid=38426#pid38426

topicideashow-to-wasp-against-sql-injection-attacks-in-java

topicideashow-to-sql-injection-a-seminar and presentation-report?pid=33473
Reply
seminar paper
Active In SP
**

Posts: 6,455
Joined: Feb 2012
#3
13-03-2012, 02:37 PM

SQL INJECTION


.pptx   sql.pptx (Size: 409.27 KB / Downloads: 29)

Introduction

SQL injection is a basic attack used either to:
• gain unauthorized access to a database, or
• retrieve information directly from the database.
The basic principles underlying SQL injection are simple and these types of attacks are easy to execute.


Scope of Attack

• Application software having a database at the back end, such as accounting packages, automation systems, etc.
• Web applications such as online banking, ecommerce systems, etc.

Query Manipulation

Query manipulation typically involves modifying the SQL statement through set operations (e.g., UNION) or altering the WHERE clause to return a different result.
The most well-known attack is to modify the WHERE clause of the user authentication statement so the WHERE clause always results in TRUE.

What’s Vulnerable?

An application is vulnerable to SQL injection for only one reason – end user string input is not properly validated and is passed to a dynamic SQL statement without any such validation.
The stateless nature of many web applications allows the user to write data to the database or store it using some other means between web pages.




Reply
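
The always-true WHERE clause described in post #3, shown next to its parameterized fix, as an added example that is not part of the original posts. The users table, its sample rows and all function names are constructed for illustration; Python's standard sqlite3 module stands in for the back-end database.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, "
               "username TEXT, password TEXT, lastname TEXT)")
    # Plaintext passwords keep the demo short; real systems store hashes.
    db.executemany(
        "INSERT INTO users (username, password, lastname) VALUES (?, ?, ?)",
        [("jdoe", "s3cret", "Doe"), ("jsmith", "hunter2", "Smith")])
    return db


def login_vulnerable(db, username, password):
    """Dynamic SQL: unvalidated input becomes part of the statement text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]


def login_parameterized(db, username, password):
    """Placeholders: input is bound as data and is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]


def lastname_by_id(db, userid):
    """The post #1 query, with type validation and a bound parameter."""
    if not re.fullmatch(r"[0-9]+", str(userid)):
        raise ValueError("userid must be a non-negative integer")
    row = db.execute("SELECT lastname FROM users WHERE userid = ?",
                     (int(userid),)).fetchone()
    return row[0] if row else None


# Constructed input: the quote closes the string literal, and the trailing
# OR makes the vulnerable WHERE clause true for every row.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", login_vulnerable(db, "jdoe", TAUTOLOGY))
    print("parameterized:", login_parameterized(db, "jdoe", TAUTOLOGY))
    print("valid login  :", login_parameterized(db, "jdoe", "s3cret"))
```

With the same input, the concatenated statement matches every account while the parameterized one matches none, because the bound value is compared as a literal password string.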