Edureka!, profile picture
Uploaded byEdureka!
1,041 views

What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybersecurity Training | Edureka

The document outlines cybersecurity certification training focused on application security, particularly targeting SQL injection attacks. It explains what SQL injection is, its types, and the potential impacts, including extracting sensitive information and deleting data. It also provides prevention strategies such as static and dynamic testing, using parameterized queries, and implementing web-application firewalls.

Technology
Related topics:
Ethical Hacking Training
In this document
Powered by AI

Overview of Edureka's Cybersecurity Certification Training and agenda outlining key topics.

Discusses application security and its importance in cybersecurity, detailing vulnerabilities and percentage occurrences.

Explains SQL injection, including its mechanism, accompanied by technical and non-technical examples of attacks.

Explains SQL injection, including its mechanism, accompanied by technical and non-technical examples of attacks.

Describes the effects of SQL injection attacks and categorizes different types of SQL injection techniques.

Demonstrates SQL injection attack types and outlines prevention methods such as testing and using parameterized queries.

Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Agenda What is Application Security? What is SQL Injection Attack? Types of SQL Injection Attacks Demo - SQL Injection Attack types Prevention of SQL Injection attack 01 02 03 04 05
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Application Security
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Cybersecurity Application Security Network Security Information Security Operational Security Disaster Recovery End-user Education Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Web Application Vulnerabilities Application Security Application security is the use of software, hardware, and procedural methods to protect applications from external threats. 0% 10% 20% 30% 40% 50% 0.06% 0.19% 0.63% 1.69% 2.19% 2.19% 2.44% 2.75% 8.63% 9.69% 18.01% 4.57% 46.97% Denial of Service XML External Entity Open Direct General Bypass Authentication Bypass Remote File Inclusion Full Path Disclosure Remote Code Execution Local File Inclusion Cross Site Request Forgery File Upload SQL Injection Cross Site Scripting
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training
Copyright © 2019, edureka and/or its affiliates. All rights reserved. What is SQL Injection?
Front End: HTML, CSS, JavaScript The need for more advanced technology and dynamic websites grew. Database: MySQL, Oracle, MongoDB Back End: .NET, PHP, Ruby, Python In the early days of internet, building websites was pretty straightforward
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training What is SQL Injection? A SQL query is in one way an application interacts with database An SQL Injection occurs when an application fails to sanitize the user input data An attacker can use specially crafted SQL commands to control web application’s database server
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training SQL Injection Attack – Non Technical Explanation Drive through <route> and <where should the bus stop?> if <when should the bus stop?>. Sample populated form Drive through route77 and stop at the bus stop if there are people at the bus stop Drive through route77 and do not stop at the bus stop and ignore the rest of the from. if there are people at the bus stop
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training SQL Injection Attack – Technical Explanation Sample SQL statement $statement = “SELECT * FROM users WHERE username = ‘$user’ AND password = ‘$password‘“; $statement = “SELECT * FROM users WHERE username = ‘Dean’ AND password = ‘WinchesterS’“; Sample SQL Injection Condition that will always be true, thereby it is accepted as a valid input by the application Instructs the SQL parser that the rest of the line is a comment and should not be executed $statement = “SELECT * FROM users WHERE username = ‘Dean OR ‘1’=‘1’ --‘AND password = ‘WinchesterS’“;
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Impact of SQL Injection Attack Extract sensitive information Misusing authentication details Delete data and drop tables
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Types of SQL Injection
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Categories of SQL Injection SQL Injection Error-based Union-based In-Band SQLi Blind SQLi Out-of-bound SQLi Boolean-based Time-based
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Error BasedError Based Types of SQL Injection Error-based SQL Injection Union-based SQL Injection Union Based Boolean Based Time Based Out-of-bound https://example.com/index.php?id=1 AND SELECT "mysql" UNION SELECT @@version https://example.com/index.php?id=1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',true,false) https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',sleep(3),false)) Out-of-boundTime BasedUnion Based Boolean Based
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Demo – Types of SQL Injection
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training Preventing SQL Injection Performing static and dynamic testing Using parameterized queries and ORMs Using escape characters in SQL queries Enforcing least privilege on database Enabling web-application firewalls
Copyright © 2019, edureka and/or its affiliates. All rights reserved. Exploiting SQL Vulnerability in Application
Cybersecurity Certification Training www.edureka.co/cybersecurity-certification-training

More Related Content

PPTX
SQL Injection
bySayed Ahmad Naweed
 
PPTX
SQL Injections (Part 1)
byn|u - The Open Security Community
 
PPTX
Sql injection
byZidh
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
PPT
Sql injection
byNitish Kumar
 
PPT
Sql injection attack
byRajKumar Rampelli
 
PPT
SQL Injection
byAdhoura Academy
 
PPT
Sql injection
byPallavi Biswas
 
SQL Injection
bySayed Ahmad Naweed
 
SQL Injections (Part 1)
byn|u - The Open Security Community
 
Sql injection
byZidh
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
Sql injection
byNitish Kumar
 
Sql injection attack
byRajKumar Rampelli
 
SQL Injection
byAdhoura Academy
 
Sql injection
byPallavi Biswas
 

What's hot

PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PPTX
SQL INJECTION
byMentorcs
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PPTX
Xss attack
byManjushree Mashal
 
PPTX
seminar report on Sql injection
byJawhar Ali
 
PPTX
Web application security
byKapil Sharma
 
PDF
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
PPTX
Sql injection attack
byRaghav Bisht
 
PPTX
Ppt on sql injection
byashish20012
 
PPTX
Application security
byHagar Alaa el-din
 
PPSX
Web security
bykareem zock
 
PPTX
Sql injection
bySasha-Leigh Garret
 
PDF
How to identify and prevent SQL injection
byEguardian Global Services
 
PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
PPT
Application Security
byReggie Niccolo Santos
 
PDF
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
byPichaya Morimoto
 
PPTX
SQL Injection
byAsish Kumar Rath
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PDF
Penetration Testing Guide
byBadawy Abd El-Aziz
 
A Brief Introduction in SQL Injection
bySina Manavi
 
Sql injections - with example
byPrateek Chauhan
 
SQL INJECTION
byMentorcs
 
Sql injection - security testing
byNapendra Singh
 
Xss attack
byManjushree Mashal
 
seminar report on Sql injection
byJawhar Ali
 
Web application security
byKapil Sharma
 
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
Sql injection attack
byRaghav Bisht
 
Ppt on sql injection
byashish20012
 
Application security
byHagar Alaa el-din
 
Web security
bykareem zock
 
Sql injection
bySasha-Leigh Garret
 
How to identify and prevent SQL injection
byEguardian Global Services
 
Sql injection in cybersecurity
bySanad Bhowmik
 
Application Security
byReggie Niccolo Santos
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
byPichaya Morimoto
 
SQL Injection
byAsish Kumar Rath
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Penetration Testing Guide
byBadawy Abd El-Aziz
 

Similar to What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybersecurity Training | Edureka

PDF
SQL Injection Attack Guide for ethical hacking
byAyan Live Rourkela
 
PPT
Web security 2010
byAlok Babu
 
DOCX
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
PPSX
Web application security
bywww.netgains.org
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PPTX
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
PDF
Cryptoghaphy
byanita bodke
 
PPTX
Web Security: SQL Injection
byVortana Say
 
PPTX
Code injection and green sql
byKaustav Sengupta
 
PPTX
Greensql2007
byKaustav Sengupta
 
PPTX
Whatis SQL Injection.pptx
bySimplilearn
 
PDF
My app is secure... I think
byWim Godden
 
PPTX
SQL Injection attack
byRayudu Babu
 
PPTX
Sql injection
byManjushree Mashal
 
PPTX
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PPTX
We are all info sec
byMichael Swinarski
 
PDF
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
PDF
Protect Your Database_ SQL Injection Attack Prevention.pdf
bySachin FromDev
 
PPT
SQL Injection
byguest378d3c
 
SQL Injection Attack Guide for ethical hacking
byAyan Live Rourkela
 
Web security 2010
byAlok Babu
 
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
Web application security
bywww.netgains.org
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
Cryptoghaphy
byanita bodke
 
Web Security: SQL Injection
byVortana Say
 
Code injection and green sql
byKaustav Sengupta
 
Greensql2007
byKaustav Sengupta
 
Whatis SQL Injection.pptx
bySimplilearn
 
My app is secure... I think
byWim Godden
 
SQL Injection attack
byRayudu Babu
 
Sql injection
byManjushree Mashal
 
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
We are all info sec
byMichael Swinarski
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
Protect Your Database_ SQL Injection Attack Prevention.pdf
bySachin FromDev
 
SQL Injection
byguest378d3c
 

More from Edureka!

PDF
What to learn during the 21 days Lockdown | Edureka
byEdureka!
 
PDF
Top 10 Dying Programming Languages in 2020 | Edureka
byEdureka!
 
PDF
Top 5 Trending Business Intelligence Tools | Edureka
byEdureka!
 
PDF
Tableau Tutorial for Data Science | Edureka
byEdureka!
 
PDF
Python Programming Tutorial | Edureka
byEdureka!
 
PDF
Top 5 PMP Certifications | Edureka
byEdureka!
 
PDF
Top Maven Interview Questions in 2020 | Edureka
byEdureka!
 
PDF
Linux Mint Tutorial | Edureka
byEdureka!
 
PDF
How to Deploy Java Web App in AWS| Edureka
byEdureka!
 
PDF
Importance of Digital Marketing | Edureka
byEdureka!
 
PDF
RPA in 2020 | Edureka
byEdureka!
 
PDF
Email Notifications in Jenkins | Edureka
byEdureka!
 
PDF
EA Algorithm in Machine Learning | Edureka
byEdureka!
 
PDF
Cognitive AI Tutorial | Edureka
byEdureka!
 
PDF
AWS Cloud Practitioner Tutorial | Edureka
byEdureka!
 
PDF
Blue Prism Top Interview Questions | Edureka
byEdureka!
 
PDF
Big Data on AWS Tutorial | Edureka
byEdureka!
 
PDF
A star algorithm | A* Algorithm in Artificial Intelligence | Edureka
byEdureka!
 
PDF
Kubernetes Installation on Ubuntu | Edureka
byEdureka!
 
PDF
Introduction to DevOps | Edureka
byEdureka!
 
What to learn during the 21 days Lockdown | Edureka
byEdureka!
 
Top 10 Dying Programming Languages in 2020 | Edureka
byEdureka!
 
Top 5 Trending Business Intelligence Tools | Edureka
byEdureka!
 
Tableau Tutorial for Data Science | Edureka
byEdureka!
 
Python Programming Tutorial | Edureka
byEdureka!
 
Top 5 PMP Certifications | Edureka
byEdureka!
 
Top Maven Interview Questions in 2020 | Edureka
byEdureka!
 
Linux Mint Tutorial | Edureka
byEdureka!
 
How to Deploy Java Web App in AWS| Edureka
byEdureka!
 
Importance of Digital Marketing | Edureka
byEdureka!
 
RPA in 2020 | Edureka
byEdureka!
 
Email Notifications in Jenkins | Edureka
byEdureka!
 
EA Algorithm in Machine Learning | Edureka
byEdureka!
 
Cognitive AI Tutorial | Edureka
byEdureka!
 
AWS Cloud Practitioner Tutorial | Edureka
byEdureka!
 
Blue Prism Top Interview Questions | Edureka
byEdureka!
 
Big Data on AWS Tutorial | Edureka
byEdureka!
 
A star algorithm | A* Algorithm in Artificial Intelligence | Edureka
byEdureka!
 
Kubernetes Installation on Ubuntu | Edureka
byEdureka!
 
Introduction to DevOps | Edureka
byEdureka!
 

Recently uploaded

PDF
AI64 - Mapping the Next Generation of Enterprise Software | Redpoint Ventures
byRazin Mustafiz
 
PDF
CymruSec 2025 - Wales' Inaugural Cyber Summit
byRay Bugg
 
PDF
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
bySandesh Rao
 
PDF
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
PPTX
Flutter for Beginners widgets types.pptx
byKongu Engineering College, Perundurai, Erode
 
PDF
The State of Adventure Capital - Grant Gregory | Cantos
byRazin Mustafiz
 
PDF
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
PDF
Transcript: Embedding sustainability: Tips for ebook and print production - T...
byBookNet Canada
 
PDF
Integrare AI e Automazione con UiPath Agent Builder
byUiPathCommunity
 
PPTX
Stop Worrying, Start Wiring: Azure Serverless for the AI Era
byMuralidharan Deenathayalan
 
PDF
Embracing Karpenter to scale, optimise and upgrade Kubernetes
byMarko Bevc
 
PDF
Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
byBookNet Canada
 
PDF
SQL Server BI Modeling Designing Data for Success with SqlDBM.pdf
bySQL DBM
 
PDF
Generation Data Sets - Unique, Useful... Understandable?.pdf
byPrecisely
 
PDF
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
PDF
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
PDF
How does a computer vision development company help retailers decode consumer...
byNextbrain Technologies
 
PDF
n8n - Next Generation Workflow Automation with Open Source
byDaisuke Masuda
 
PDF
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
byPeter Bittner
 
PDF
Session 3 - UiPath Coded Agents & MCP Server in Action
byDianaGray10
 
AI64 - Mapping the Next Generation of Enterprise Software | Redpoint Ventures
byRazin Mustafiz
 
CymruSec 2025 - Wales' Inaugural Cyber Summit
byRay Bugg
 
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
bySandesh Rao
 
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
Flutter for Beginners widgets types.pptx
byKongu Engineering College, Perundurai, Erode
 
The State of Adventure Capital - Grant Gregory | Cantos
byRazin Mustafiz
 
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
Transcript: Embedding sustainability: Tips for ebook and print production - T...
byBookNet Canada
 
Integrare AI e Automazione con UiPath Agent Builder
byUiPathCommunity
 
Stop Worrying, Start Wiring: Azure Serverless for the AI Era
byMuralidharan Deenathayalan
 
Embracing Karpenter to scale, optimise and upgrade Kubernetes
byMarko Bevc
 
Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
byBookNet Canada
 
SQL Server BI Modeling Designing Data for Success with SqlDBM.pdf
bySQL DBM
 
Generation Data Sets - Unique, Useful... Understandable?.pdf
byPrecisely
 
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
How does a computer vision development company help retailers decode consumer...
byNextbrain Technologies
 
n8n - Next Generation Workflow Automation with Open Source
byDaisuke Masuda
 
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
byPeter Bittner
 
Session 3 - UiPath Coded Agents & MCP Server in Action
byDianaGray10
 

What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybersecurity Training | Edureka

  • 1.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training
  • 2.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Agenda What is Application Security? What is SQL Injection Attack? Types of SQL Injection Attacks Demo - SQL Injection Attack types Prevention of SQL Injection attack 01 02 03 04 05
  • 3.
    Copyright © 2019,edureka and/or its affiliates. All rights reserved. Application Security
  • 4.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Cybersecurity Application Security Network Security Information Security Operational Security Disaster Recovery End-user Education Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
  • 5.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Web Application Vulnerabilities Application Security Application security is the use of software, hardware, and procedural methods to protect applications from external threats. 0% 10% 20% 30% 40% 50% 0.06% 0.19% 0.63% 1.69% 2.19% 2.19% 2.44% 2.75% 8.63% 9.69% 18.01% 4.57% 46.97% Denial of Service XML External Entity Open Direct General Bypass Authentication Bypass Remote File Inclusion Full Path Disclosure Remote Code Execution Local File Inclusion Cross Site Request Forgery File Upload SQL Injection Cross Site Scripting
  • 6.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training
  • 7.
    Copyright © 2019,edureka and/or its affiliates. All rights reserved. What is SQL Injection?
  • 8.
    Front End: HTML,CSS, JavaScript The need for more advanced technology and dynamic websites grew. Database: MySQL, Oracle, MongoDB Back End: .NET, PHP, Ruby, Python In the early days of internet, building websites was pretty straightforward
  • 9.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training What is SQL Injection? A SQL query is in one way an application interacts with database An SQL Injection occurs when an application fails to sanitize the user input data An attacker can use specially crafted SQL commands to control web application’s database server
  • 10.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training SQL Injection Attack – Non Technical Explanation Drive through <route> and <where should the bus stop?> if <when should the bus stop?>. Sample populated form Drive through route77 and stop at the bus stop if there are people at the bus stop Drive through route77 and do not stop at the bus stop and ignore the rest of the from. if there are people at the bus stop
  • 11.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training SQL Injection Attack – Technical Explanation Sample SQL statement $statement = “SELECT * FROM users WHERE username = ‘$user’ AND password = ‘$password‘“; $statement = “SELECT * FROM users WHERE username = ‘Dean’ AND password = ‘WinchesterS’“; Sample SQL Injection Condition that will always be true, thereby it is accepted as a valid input by the application Instructs the SQL parser that the rest of the line is a comment and should not be executed $statement = “SELECT * FROM users WHERE username = ‘Dean OR ‘1’=‘1’ --‘AND password = ‘WinchesterS’“;
  • 12.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Impact of SQL Injection Attack Extract sensitive information Misusing authentication details Delete data and drop tables
  • 13.
    Copyright © 2019,edureka and/or its affiliates. All rights reserved. Types of SQL Injection
  • 14.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Categories of SQL Injection SQL Injection Error-based Union-based In-Band SQLi Blind SQLi Out-of-bound SQLi Boolean-based Time-based
  • 15.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Error BasedError Based Types of SQL Injection Error-based SQL Injection Union-based SQL Injection Union Based Boolean Based Time Based Out-of-bound https://example.com/index.php?id=1 AND SELECT "mysql" UNION SELECT @@version https://example.com/index.php?id=1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',true,false) https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',sleep(3),false)) Out-of-boundTime BasedUnion Based Boolean Based
  • 16.
    Copyright © 2019,edureka and/or its affiliates. All rights reserved. Demo – Types of SQL Injection
  • 17.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training Preventing SQL Injection Performing static and dynamic testing Using parameterized queries and ORMs Using escape characters in SQL queries Enforcing least privilege on database Enabling web-application firewalls
  • 18.
    Copyright © 2019,edureka and/or its affiliates. All rights reserved. Exploiting SQL Vulnerability in Application
  • 19.
    Cybersecurity Certification Trainingwww.edureka.co/cybersecurity-certification-training