Download SQL injection attacked

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
Document related concepts
no text concepts found
Transcript 
TCP/IP Malicious Packet Detection
(SQL Injection Detection)
Ashok Parchuri
Recent Examples
• Tk Maxx (TK Maxx Admitted that over 45.7
Million credit and debit cards were stolen from
the database)
• Microsoft Defaced (On 3rd May 2007 Microsoft is
defaced Using SQL injection attacked attack.
The attacker used simple keyword like or, =.)
• Autoweb.co.uk (Injected a 30 characters to over
write the content, by this hacker gained access
against the website and defaced the website. )
Attack Types
•
•
•
•
SQL Manipulation
Code Injection
Function Call Injection
Buffer Overflow
• Requirements: Web Browser
• Previous Technologies :
Defensive Programming
Anomoly Detection
Application Processing
Sample Attack
Intrusion Detection System Design
Considerations
• The application monitors the URL strings for
SQL keywords and reports any maliciousness
• SQL injection attacks normally done by using
keywords like SELECT, DELETE, FROM, OR, =.
• The intrusion system should effectively scan the
URL requests that is coming from the end-user.
Evaluation
• The application is evaluated for setting the
threshold value for detecting the maliciousness.
• For detecting the application threshold level it is
the application is performed against more than
1700 URL strings.
• The results are evaluated and it is found that
threshold value 40 could effectively detect the
malicious Packets.
Evaluation
Result
• The application is designed to alert the
administrator when it founds an injection attack.
Future Work
• Analysis of threshold level.
• Implementing the application in web server to
evaluate effectiveness.
• Implementing more SQL injection keyword for
detection.
• Reducing the unwanted results
Thank you
Related documents
Link to Slides
Link to Slides
Job Descriptions - Human Resources Department JOB GOAL
Job Descriptions - Human Resources Department JOB GOAL
Business Intelligence and Data Warehousing
Business Intelligence and Data Warehousing
Data Warehouse performance and maintenance
Data Warehouse performance and maintenance
Recruitment Authorisation Form
Recruitment Authorisation Form
mysql> show tables
mysql> show tables
Elements of SQL Data Definition Language
Elements of SQL Data Definition Language
BIS 3204 Database DB Programming
BIS 3204 Database DB Programming
Drug Calculations
Drug Calculations
Implementing and Maintaining Microsoft SQL Server 2008 Analysis
Implementing and Maintaining Microsoft SQL Server 2008 Analysis
Day2.3b - ODU Computer Science
Day2.3b - ODU Computer Science
sql-injection-attack-ndss
sql-injection-attack-ndss