Cross Site Scripting and SQL Injection

Sara Al

on 3 May 2013

Transcript of Cross Site Scripting and SQL Injection

Cross Site Scripting and SQL Injection
How to defend against these attacks??!!

- They are security vulnerabilities found in web applications.
- Code injection attack

Most common flaws found in web applications in 2010

SANS Top 25 Dangerous Programming Errors, 2010
- Ranked 1st: XSS
- Ranked 2nd: SQL injection

SANS Top 25 Most Dangerous Software Errors, 2011
- Ranked 1st: SQL injection
- Ranked 4th: XSS

SQL injection:
1- Stealing customer information
2- Social security numbers
3- Addresses
4- Credit card numbers
5- Changing or deleting highly sensitive business information

Defending against XSS
- Disable scripts when they are not needed.
- Don't trust links to other websites that appear in e-mail or on message boards.
- Don't click on links from websites that lead to security-sensitive pages unless you confirm the authenticity of the website.
- Access sites that involve sensitive information directly from their address and not through any third-party websites.

What is cross-site scripting (XSS)?

What is SQL injection?

How does XSS work?
- Attacker injects malicious script into a website
- User visits the website and the malicious code is executed in his browser
- Attacker steals information

How does SQL injection work?

October 2012

XSS:
1- Stealing login credentials from session cookies
2- Taking over victims' accounts
3- Directing victims to fake websites that are designed to trick them into revealing private information such as credit card numbers or bank account details

Defending against SQL injection
- Update regularly and apply patches.
- Use a web application firewall.
- Use appropriate privileges when connecting to the database.
- Encrypt confidential data, hash your passwords and change the passwords regularly.

Sara Mohammad
20107913

Who are behind these attacks? Why do they use XSS and SQL injection attacks?
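As an added example (not part of the original presentation), the two injection patterns the slides describe ("attacker injects malicious script into a website", "code injection attack" against the database) are shown beside their hardened forms: a bound-parameter SQL query and HTML output encoding, two defences the slides do not list. It uses a constructed in-memory SQLite table; every name and sample value is an assumption.

```python
import html
import sqlite3

SAMPLE_USERS = [("alice", "alice@example.com"), ("O'Brien", "ob@example.com")]  # constructed

def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn

def lookup_unsafe(conn, name):
    """Injection-prone pattern: input is spliced into the SQL text, so a
    quote in the input changes the structure of the statement."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, name):
    """Hardened pattern: the driver binds the value as data, never as SQL."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

def compare_lookups(name):
    """Run both lookups on the same input; 'error' marks a broken statement."""
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.Error:
        unsafe = "error"
    return {"unsafe": unsafe, "safe": lookup_safe(conn, name)}

def render_unsafe(text):
    """Injection-prone pattern: raw user text pasted into the page."""
    return "<p>" + text + "</p>"

def render_safe(text):
    """Hardened pattern: HTML-escape untrusted text so the browser shows it
    as text instead of executing it."""
    return "<p>" + html.escape(text, quote=True) + "</p>"

if __name__ == "__main__":
    # A name containing an apostrophe is enough to break the spliced query.
    print(compare_lookups("O'Brien"))   # {'unsafe': 'error', 'safe': ['ob@example.com']}
    print(render_unsafe("<script>alert(1)</script>"))
    print(render_safe("<script>alert(1)</script>"))  # <p>&lt;script&gt;alert(1)&lt;/script&gt;</p>
```

The same apostrophe that turns an ordinary surname into a broken statement is what an attacker exploits, which is why the bound-parameter form is the defence, not input filtering alone.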