1

CONTENTS

 COMPANY PROFILE
o Introduction about the Company
o Services and Solution
 TASK PERFORMED
o Learning Experiences
o Knowledge Acquired
o Skills Learned
o Challenges
 REFLECTIONS
o Details of project
o Screenshots
 CONCLUSION

Object Detection
3
INTRODUCTION
TECHNOFLY SOLUTIONS AND CONSULTING
For Innovative Visions..

• Technofly solution offers services in the areas of Real-Time Embedded Systems, Low power VLSI design,
Verification and Software Engineering Services. Its strong team of around 30 engineers is equipped with the right
tools and right processes to deliver the best..

• The Management team as mixture of Technical and Business development expertise with 14+years of
experience in the Information Technology Field.

• Technofly solutions and consulting is also a leading Skills and Talent Development company that is building a
manpower pool for global industry requirements.

• We empower individual with knowledge, skills and competencies that assist them to escalate as integrated
individuals with a sense of commitment and dedication

Object Detection
3

SERVICES AND SOLUTIONS

Object Detection
4

LEARNING EXPERIENCE
• In this Cyber world every data on the internet can be exploited by the attacker targeting us.

• The learning experience provided security awareness about the internet which is the center
of gravity for communication and transactions online.

• Taught how to secure our systems and activities over the internet as a measure to defend
against intrusions.

Object Detection
5

KNOWLEDGE ACQUIRED

Ethical Hacking:
Also called as Penetration Testing is an act of intruding/penetrating into system or
networks to find out threats, vulnerabilities in those systems which a malicious attacker may
find and exploit causing loss of data, financial loss or other major damages.

Kali Linux:
It is a Debian-derived Linux distribution designed for digital forensics and penetration
testing. It is maintained and funded by Offensive Security Ltd. Other linux based operating
systems like Parrot OS, Cyborg etc. for security.

Steganography
The technique of hiding secret data within an ordinary, non-secret, file or
message (image) in order to avoid detection, the secret data is then extracted at its
destination.
SQL Injection
6

SKILLS LEARNED
 Burpsuite
Integrated platform for performing security test of web applications or websites that can
pose greater threat to the users and to the organization hosting them.

 Wireshark
A scanning network tools that lets us to analyze the network protocol at a microscopic
level.

 Sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and
exploiting SQL injection flaws and taking over of database servers.

 Metasploit
The Metasploit framework is a penetration testing tool that can verify vulnerability
mitigations & manage security assessments.
SQL Injection
7

CHALLENGES

• During the course of our training we came across many challenges and overcome them with the
help of our trainers and attenders
• The most challenging task was to integrate is vulnerable to SQLi, We overcame this challenge in
our project
• You are granted permission to attack the application in order to retrieve the clue.
• The challenge is to bypass the login and find the clue by using the search field that is shown when
you are authenticated. You will have to use common SQLi tricks such as ' OR 1=1 and merge
datasets with UNION

Object Detection
8

P R O J E C T D E TA I L S

OBJECT DETECTION

• Object Detection is a computer vision technique that allows us to identify and locate objects in an
image or video.
• With this kind of identification and localization , object detection can be used to count objects in a
scene and determine and track their precise locations, all while accurately labeling them.

Object Detection
9

TYPES OF OBJECT DETECTION

1. In-band SQLi
The attacker uses the same channel of communication to launch their attacks and to gather their results. There
are two sub-variations of this method:
• Error-based SQLi --The attacker performs actions that cause the database to produce error messages. The
attacker can potentially use the data provided by these error messages to gather information about the structure
of the database.
• Union-based SQLi --This technique takes advantage of the UNION SQL operator, which fuses multiple select
statements generated by the database to get a single HTTP response.

Object Detection
10

TYPES OF OBJECT DETECTION

2. Blind (Inferential) SQLi

Blind SQL injections rely on the response and behavioral patterns of the server so they are typically slower to
execute but may be just as harmful.
Blind SQL injections can be classified as follows:
• Boolean—The attacker sends a SQL query to the database prompting the application to return a result. The result
will vary depending on whether the query is true or false.
• Time-based—attacker sends a SQL query to the database, which makes the database wait before it can react.
The attacker can see from the time the database takes to respond, whether a query is true or false.

Object Detection
11

TYPES OF OBJECT DETECTION

3. Out-of-band SQLi
The attacker can only carry out this form of attack when certain features are enabled on the database
server used by the web application.

Object Detection
12
SCREENSHOTS

ERROR BASED SQL INJECTION

Object Detection
13

UNION BASED SQL INJECTION

Object Detection
14

Object Detection
15

POSSIBLE OUTCOMES

The CIA Triad refers to the 3 Goals of Cyber Security.

• Confidentiality
• Integrity
• Availability

Object Detection
16

CONCLUSION
• Most of the web applications uses intermediate layer to accept a request from the user and retrieve sensitive
information from the database.
• Most of the time they use scripting language to build intermediate layer.
• To breach security of database hacker often uses SQL injection techniques.
• SQLiX is one of the best web security scanner for finding SQL injection vulnerabilities from the web site.
• It is very efficient in terms of speed, insertion of number of injection and injecting your own function.
• GUI helps novice user to try all combination of attack without remembering all options.
• HTTP Post method increase the number of injections injecting in to the database.

Object Detection
17

THANK YOU

Object Detection