Cross Site Scripting and SQL Injection
Transcript of Cross Site Scripting and SQL Injection
Code injection attacks: the most common flaws found in web applications in 2010

SANS Top 25 Dangerous Programming Errors, 2010
- Ranked 1st: XSS
- Ranked 2nd: SQL injection

SANS Top 25 Most Dangerous Software Errors, 2011
- Ranked 1st: SQL injection
- Ranked 4th: XSS

1- Stealing customer information
2- Social security numbers
4- Credit card numbers
5- Changing or deleting highly sensitive business information

Defending against XSS
- Disable scripts when they are not needed.
- Don't trust links to other websites that appear in e-mail or on message boards.
- Don't click on links from websites that lead to security-sensitive pages unless you have confirmed the authenticity of the website.
- Access sites that involve sensitive information directly by their address and not through any third-party website.

What is cross-site scripting (XSS)?
What is SQL injection?

How does XSS work?
- The attacker injects a malicious script into a website.
- A user visits the website and the malicious code is executed in their browser.
- The attacker steals information.

How does SQL injection work?

October 2012

XSS:
1- Stealing login credentials from session cookies
2- Taking over the victim's account
3- Directing victims to fake websites designed to trick them into revealing private information such as credit card numbers or bank account details
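The XSS mechanism described above (script injected into a page, executed in the visitor's browser, session cookie read out) comes down to one rendering mistake. The following is an added example, not code from the presentation: a comment-rendering function that pastes user input into HTML beside the escaped version, a check that a reviewer or test can run on the rendered output, and the HttpOnly cookie flag that keeps a session cookie out of reach of page scripts. The comment text, markup and cookie value are constructed for the example.

```python
# Added example (not from the presentation): the XSS mechanism the slides
# describe, shown as a vulnerable HTML rendering function beside its fix.
# The sample comment, page markup and cookie value below are constructed.
import html
import re

# Constructed sample of attacker-controlled input: a comment carrying a script tag.
SAMPLE_COMMENT = "Nice post! <script>alert(1)</script>"


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: user input is concatenated straight into the page, so any
    <script> element the user submitted runs in every visitor's browser."""
    return f"<div class='comment'>{comment}</div>"


def render_comment_safe(comment: str) -> str:
    """Hardened: HTML-escape the input so browsers treat it as text, not markup."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_active_script(page: str) -> bool:
    """Detection-side check on rendered output: does the response still carry a
    raw <script> opening tag that a browser would execute?"""
    return SCRIPT_TAG.search(page) is not None


def session_cookie_header(value: str) -> str:
    """Defence in depth for the cookie-theft case on the slide: HttpOnly keeps the
    cookie away from document.cookie, Secure limits it to HTTPS."""
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    unsafe = render_comment_unsafe(SAMPLE_COMMENT)
    safe = render_comment_safe(SAMPLE_COMMENT)
    print("unsafe:", unsafe, "-> script tag present:", contains_active_script(unsafe))
    print("safe:  ", safe, "-> script tag present:", contains_active_script(safe))
    print(session_cookie_header("constructed-session-id"))
```

Escaping at output time is the fix that addresses the slide's "attacker injects malicious script" step directly; the HttpOnly flag only limits the damage once a script already runs, which is why both belong together.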
Defending against SQL injection
- Update regularly and apply patches.
- Use a web application firewall.
- Use appropriate privileges when connecting to the database.
- Encrypt confidential data, hash your passwords and change the passwords regularly.

Sara Mohammad
20107913

Who is behind these attacks?
Why do they use XSS and SQL injection attacks?
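The "Defending against SQL injection" list above names hashed passwords and appropriate database privileges but leaves "How does SQL injection work?" without a body. The following is an added example, not code from the presentation: a user lookup that pastes the username into the SQL text beside the parameterised version, a PBKDF2 password hash with constant-time comparison, and a read-only authorizer on the login connection as one way to apply the privilege advice. The users table, passwords and the tainted username are constructed for the example; the authorizer approach is specific to Python's sqlite3 module and stands in for a least-privilege database role in a real deployment.

```python
# Added example (not from the presentation): the SQL injection mechanism the
# slides name, shown as a vulnerable user lookup beside the parameterised fix,
# plus two of the listed defences (hashed passwords, least-privilege connection).
# The users table, passwords and tainted input are constructed for this example.
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store passwords as salt:pbkdf2 rather than plaintext ('hash your passwords')."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + ":" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split(":")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def seed_database() -> sqlite3.Connection:
    """Constructed in-memory users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)"
    )
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 ("alice", hash_password("correct horse")))
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 ("bob", hash_password("battery staple")))
    conn.commit()
    return conn


def restrict_to_reads(conn: sqlite3.Connection) -> None:
    """'Use appropriate privileges': the login path gets a connection that may only
    SELECT and READ; any write is refused by sqlite3 with 'not authorized'."""
    def authorizer(action, arg1, arg2, db_name, trigger):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the username is pasted into the SQL text, so a quote in it
    ends the string literal and the rest of the input becomes SQL."""
    query = f"SELECT id, username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a bound parameter is always treated as data, never as SQL."""
    query = "SELECT id, username, password_hash FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def login(conn: sqlite3.Connection, username: str, password: str, lookup=find_user_safe) -> bool:
    """Accept exactly one matching row and a verified password hash."""
    rows = lookup(conn, username)
    return len(rows) == 1 and verify_password(password, rows[0][2])


# Constructed tainted input: a quote closes the literal, OR makes the WHERE always
# true, and the comment marker discards the rest of the query.
TAINTED_USERNAME = "' OR 1=1 --"

if __name__ == "__main__":
    db = seed_database()
    restrict_to_reads(db)
    print("unsafe lookup rows:", len(find_user_unsafe(db, TAINTED_USERNAME)))  # every user
    print("safe lookup rows:  ", len(find_user_safe(db, TAINTED_USERNAME)))    # none
    print("alice login:", login(db, "alice", "correct horse"))
    try:
        db.execute("DELETE FROM users")
    except sqlite3.DatabaseError as exc:
        print("write blocked on read-only connection:", exc)
```

The parameterised query is the fix that removes the injection; the read-only authorizer and the hashed passwords limit what an injection elsewhere in the application could reach, which is the point of the slide's privilege and hashing bullets.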