Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013.

Published byDouglas Sparks Modified over 8 years ago

Similar presentations

Presentation on theme: "Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013."— Presentation transcript:

1 Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013

2 Bio

3 How Important is SQL Injection?

4 SQL injection continues to reign as hackers' most consistently productive technique for stealing massive dumps of sensitive information within corporate databases. In fact, according to analysis done by database security firm Imperva of breach events between 2005 and July of this year, 82 percent of lost data due to hacking was courtesy of SQL injection. http://www.darkreading.com/database- security/167901020/security/news/240006491/hacktivists-continue-to-own- systems-through-sql-injection.html

5 http://news.techworld.com/security/3331283/barclays-97- percent-of-data-breaches-still-due-to-sql-injection/

6 In 2008 SQL Injection became the leading method of malware distribution 16 percent of websites are vulnerable to SQL Injection http://jeremiahgrossman.blogspot.com/2009/02/sql-injection-eye-of- storm.html

7

8 Are You Vulnerable?

9 Example SQL Injection Vulnerability

10

11

12

13 The Commands Used to Steal the Data

14 Data Breach

15

16 Hands-On SQL Injection Project http://samsclass.info/124/proj11/SQLi-MPICT.htm

17 Series of Projects

Download ppt "Hands-on SQL Injection Attack and Defense Winter ICT Educator Conference Jan. 3-4, 2013."

Similar presentations

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
Whitehat Vigilante and The Breach that Wasn't HI-TEC July 26, 2012.

Whitehat Vigilante and The Breach that Wasn't HI-TEC July 26, 2012.
DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.

DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.
1Balaji.S. 2 COMPUTER NETWORK AND SECURITY 3Balaji.S.

1Balaji.S. 2 COMPUTER NETWORK AND SECURITY 3Balaji.S.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
 The hackers is a persons that they have a many knowledge in the area of ​​ computer and are capable of deceive the security.

 The hackers is a persons that they have a many knowledge in the area of ​​ computer and are capable of deceive the security.
Potential Research Topics in IS Security and Audit Vern Richardson, University of Arkansas.

Potential Research Topics in IS Security and Audit Vern Richardson, University of Arkansas.
Peter Torres, Tim Poley CS526 Spring 2009.  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo.

Peter Torres, Tim Poley CS526 Spring  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo.
Albert Gonzales showed early talent and very easily breezed through computer classes. His remarkable computer skills allowed him to hack into the government.

Albert Gonzales showed early talent and very easily breezed through computer classes. His remarkable computer skills allowed him to hack into the government.
Understanding and Dealing with Modern Threats Trent Greenwood, Manager Security Practioners TOLA.

Understanding and Dealing with Modern Threats Trent Greenwood, Manager Security Practioners TOLA.
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
SQL Injection Timmothy Boyd CSE 7330.

SQL Injection Timmothy Boyd CSE 7330.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.

Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
Make it easier to change the text: Use the Selection Pane to temporarily hide the Picture Placeholder. (Home tab, Select, Selection Pane). Click the eye.

Make it easier to change the text: Use the Selection Pane to temporarily hide the Picture Placeholder. (Home tab, Select, Selection Pane). Click the eye.

Similar presentations

Ads by Google