Uploaded byEdureka!
Application Security | Application Security Tutorial | Cyber Security Certification Course | Edureka
The document provides an overview of a cybersecurity certification training course, covering topics such as application security, SQL injection attacks, and the importance of protecting networks and data from various cyber threats. It outlines key vulnerabilities in web applications and emphasizes the need for practices like end-user education and disaster recovery. The course aims to equip individuals with knowledge on securing applications against external threats and common attack vectors.
Application Security | Application Security Tutorial | Cyber Security Certification Course | Edureka
- 2. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Agenda 01 Introduction to Cybersecurity 02 What is Application Security? 03 SQL Injection Attack
- 3. Copyright © 2018,edureka and/or its affiliates. All rights reserved. Introduction to Cybersecurity
- 4. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Evolution Of Internet THEN NOW Communicating to each other Playing games, shopping, reading news etc
- 5. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Cyberattack Phishing Malware DDoS MITM
- 6. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Phishing Malware DDoS MITM
- 7. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training CYBER
- 8. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Cybersecurity Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Application Security Network Security Information Security Operational Security Disaster Recovery End-user Education
- 9. Copyright © 2018,edureka and/or its affiliates. All rights reserved. Application Security
- 10. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Application Security ApplicationApplication security is the use of software, hardware, and procedural methods to protect applications from external threats.
- 11. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Why Target Applications? Inherent complexity of the application source code Ease of execution, automated attacks against multiple targets High value rewards for sensitive data breach
- 12. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Top Web Application Vulnerabilities Cross-site Scripting Cross-site Request Forgery Remote File Inclusion SQL Injection Broken Access Control Broken Authentication
- 13. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Web Application Security Checklist Web Application Firewalls Information Gathering Authorization Cryptography Resilience against attacks
- 14. Copyright © 2018,edureka and/or its affiliates. All rights reserved. SQL Injection Attack
- 15. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training SQL Injection SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed txtUserId = getRequestString("UserId"); txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId; User ID: 105 OR 1=1 SELECT * FROM Users WHERE UserId = 105 OR 1=1; The SQL query will return all the rows from Users table, since OR 1=1 is always true
- 16. Copyright © 2018,edureka and/or its affiliates. All rights reserved. Demo: SQL Injection Attack
- 17. Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training