By admin , 26 March, 2022

 

SQL INJECTION

SQL injection is one of the most common web hacking techniques.

SQL injection is a code injection technique in which malicious SQL statements are inserted into a query to manipulate the backend database and access information.

           

SQL Injection Based on 1=1 is Always True.

SQL Injection Based on Batched SQL Statements.

A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.

SELECT * FROM Users; DROP TABLE Suppliers

 

Types of SQL Injection

1. Error-Based SQL Injection

2. Union-Based SQL Injection

3. Blind SQL Injection

    1. Boolean-based SQL injection

    2. Time-based SQL injection

 

Simple SQL Injection

Error-based SQL injection is the simplest type, but the only difficulty with this method is that it runs only with MS-SQL Server. In this attack, we cause an application to show an error in order to extract the database. Normally, you ask the database a question, and it responds with an error that includes the data you asked for.

Union-Based SQL Injection

Union-Based SQL Injection uses the UNION operator. In this technique, the attacker combines the results of two or more SELECT statements into a single result.

Blind SQL Injection

Blind SQL injection is the hardest type. In this attack, no error messages are received from the database; hence, we extract the data by asking the database questions.

Blind SQL injection is further divided into two kinds:

1. Boolean-based SQL injection

2. Time-based SQL injection

The above techniques can be used to obtain the data in the database by either asking a question or inducing a time delay.

 

 

SQL Injection prevention

Parameterized Statements

Object Relational Mapping

Escaping Inputs

Sanitizing Inputs

Principle of Least Privilege

Password Hashing

Third Party Authentication
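
The first item in the list above, parameterized statements, is shown next to the string-concatenated query it replaces, using the "1=1 is always true" input described earlier. This is an added example, not code from the original post; the Users table contents, the function names and the sample inputs are constructed for illustration, and SQLite stands in for the backend database.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO Users (name, secret) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("o'brien", "c-secret")],
    )
    return conn

def lookup_concatenated(conn, name):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    sql = "SELECT name FROM Users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, name):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT name FROM Users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]

if __name__ == "__main__":
    conn = make_db()
    tautology = "nobody' OR '1'='1"   # constructed input: makes the WHERE clause always true

    # Concatenation: the quote closes the literal and OR '1'='1' matches every row.
    print("concatenated :", lookup_concatenated(conn, tautology))
    # Binding: the whole string is compared to the name column, so nothing matches.
    print("parameterized:", lookup_parameterized(conn, tautology))

    # A legitimate name containing a quote breaks the concatenated query
    # but works when bound as a parameter.
    try:
        lookup_concatenated(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated with o'brien fails:", exc)
    print("parameterized with o'brien:", lookup_parameterized(conn, "o'brien"))
```
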

 

By admin , 26 March, 2022

Development Methodologies

It is a systematic way to develop software using different models.

Traditional Methodology – example Waterfall

Agile Methodology – example Scrum

Software Development Life Cycle (SDLC)

SDLC is a process that aims to produce a high-quality system that meets or exceeds customer expectations within time and cost estimates. It consists of various kinds of software development models, and each model has its own order of stages/phases. Each phase produces deliverables required by the next phase in the life cycle.

There are the following six phases in every software development life cycle model:

 

   1. Requirement gathering (Planning) and analysis

   2. Design

   3. Development or Implementation or coding

   4. Testing

   5. Deployment

   6. Maintenance

1. Waterfall model:






 

By admin , 25 March, 2022

By admin , 24 March, 2022

By admin , 24 March, 2022


For Loop

A for loop is used for iterating over a sequence.

The loop continues until we reach the last item in the sequence.

Nested for Loop

A loop inside another loop is called a nested loop.

By admin , 24 March, 2022

By admin , 24 March, 2022


# define function 

By admin , 23 March, 2022

Some other important terminologies:

  1. Database – A collection of information in permanent storage for faster retrieval and updating. Examples are MySQL, MongoDB, etc.
  2. Data warehouse – Management of huge amounts of legacy data (the data we keep in a different place from our fresh data in the database, to make retrieval and updating fast) for better analysis.
  3. Big data – Analysis of data that is too large or complex to be dealt with by traditional data processing applications.
By admin , 23 March, 2022

 

Primitive Data Structure


Primitive data structures are the fundamental data structures, meaning every programming language has such data structures built in.

Primitive Data Structures are the basic data structures that directly operate upon the machine instructions.