SQL Injections
The Anatomy of an SQL Injection Attack
● Injection and Manipulation of SQL Statements/Data
● Exploiting Input Validation & Parameterized Queries
● Impact on Data Confidentiality/Integrity
● Illustrative Example
Types of SQL Injection Attacks
● In-Band SQL Injection
● Blind SQL Injection
● Out-of-Band SQL Injection
● Error-Based SQL Injection
SQL Injection Detection: Tools and Techniques
● Web Application Firewalls
● Database Activity Monitoring
● Penetration Testing
● Code Review
Preventing SQL Injection Attacks: Best Practices
● SQL Injection Prevention Checklist
● Secure Coding Practices
● Implementing Parameterized Queries
● Avoiding Dynamic SQL
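As an added worked example (not part of the original deck), the "Avoiding Dynamic SQL" and "Implementing Parameterized Queries" points side by side in Python with sqlite3; the users table, its rows and the inputs are constructed sample data.

```python
import sqlite3

# Constructed sample data: an in-memory users table standing in for an
# application database (assumed schema, not from the original deck).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.com"),
         (2, "bob", "bob@example.com"),
         (3, "carol", "carol@example.com")],
    )
    return conn

def lookup_dynamic_sql(conn, username):
    """Vulnerable: input is concatenated into the statement text, so a quote
    in the input is parsed as SQL syntax instead of being compared as data."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]

def lookup_parameterized(conn, username):
    """Hardened: the statement shape is fixed before the value is bound, so
    the input can only ever be a string that the WHERE clause compares."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]

def compare(username):
    """Run one input through both lookups; returns (dynamic, parameterized)."""
    conn = make_db()
    try:
        return lookup_dynamic_sql(conn, username), lookup_parameterized(conn, username)
    finally:
        conn.close()

def dynamic_sql_breaks_on(username):
    """True if the concatenated query is a syntax error for this input, which is
    what a legitimate apostrophe (an Irish surname, say) does to dynamic SQL."""
    conn = make_db()
    try:
        lookup_dynamic_sql(conn, username)
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()

if __name__ == "__main__":
    print(compare("alice"))                  # both lookups agree on a normal name
    print(compare("x' OR '1'='1"))           # constructed tautology: dynamic SQL returns every user
    print(dynamic_sql_breaks_on("o'brien"))  # dynamic SQL errors; the parameterized form just returns []
```

The parameterized lookup returns an empty list for both the tautology and the apostrophe input, which is also why dynamic SQL error logs are a useful detection signal: legitimate quotes and injected ones both surface there.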
Impact and Cost of an SQL Injection Attack
● Loss of Confidential Data
● Damages to Reputation and Trust
● Litigations and Fines
● Business Disruption
Real World Examples: High Profile SQL Injection Attacks
● Sony Pictures Entertainment (2014)
● Heartland Payment Systems (2009)
● Target Corporation (2013)
● Yahoo! Voices (2012)