Tuesday, September 19, 2017

SQL Injection - Which may Destroy Your Database




SQL Injection :-

SQL injection is a code injection technique that can destroy your database, whether knowingly or unknowingly. We should all be very careful about it.

In this blog, we will see how injection a) might destroy your database and b) can bypass security as well. Let's explore with examples.




Scenario 1  ( How to break Security Login )

This scenario checks a user login with a username and password. The inputs are taken and passed into a query. If they match an entry in the user table, that user is allowed to log in.

Input Values  - Case 1

User id   =  1001
Password = pass

The inputs given above will frame the SQL as below.

Select * from User_table  where User_id = 1001  and Password = 'pass';

The above query checks the username and password against the user table and allows the login if both match one of the records exactly.

Here, there is no SQL Injection. Great. 


Input Values - Case 2

User id = 1001 OR 1=1 
Password = pass

The input values above will produce the SQL statement below.

Select * from User_table  where User_id = 1001  or 1=1  and Password = 'pass';

This will always select records, even if someone enters a wrong username and password. The application or database is then in the user's hands to do whatever he wants.

This is one way of doing SQL injection. Be careful about it.
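
The login check from Scenario 1, as an added example that is not code from the original post: it uses Python's sqlite3 module with constructed sample users and puts the string-built query beside a parameterized one. The function names and the second sample user are assumptions of this example.

```python
import sqlite3

def make_db():
    # Constructed sample users; table and column names follow the post,
    # with the column written User_id so the SQL is valid.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User_table (User_id INTEGER, Password TEXT)")
    db.executemany("INSERT INTO User_table VALUES (?, ?)",
                   [(1001, "pass"), (1002, "s3cret")])
    return db

def login_vulnerable(db, user_id, password):
    # Inputs are pasted into the SQL text, so they can change its structure.
    sql = ("SELECT * FROM User_table WHERE User_id = " + user_id +
           " AND Password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_safe(db, user_id, password):
    # Placeholders keep the SQL text fixed; inputs are bound as values only.
    sql = "SELECT * FROM User_table WHERE User_id = ? AND Password = ?"
    return db.execute(sql, (user_id, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Case 1 from the post: ordinary input, correct password.
    print(login_vulnerable(db, "1001", "pass"))
    # Case 2 input with a wrong password. AND binds tighter than OR, so the
    # WHERE clause reads: User_id = 1001 OR (1=1 AND Password = 'wrong'),
    # and the row for 1001 matches whatever password was typed.
    sql, rows = login_vulnerable(db, "1001 OR 1=1", "wrong")
    print(sql)
    print("string-built query returned:", rows)
    # The same input through the parameterized query is compared as one
    # literal value against User_id, so nothing matches.
    print("parameterized query returned:", login_safe(db, "1001 OR 1=1", "wrong"))
```
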




Scenario 2  ( How to Inject to destroy Database by dropping key tables )

Here, an input value is passed in to frame a SQL statement, which is then executed.

Delete from transaction where transaction_no = "Input Value"

Input Value - Case 1:

Transaction Number =  100001

With the input value above, the query will be framed to execute as below.

Delete from transaction where transaction_no = 100001

Here, everything is fine and no SQL injection takes place. But let's look at the other two cases below.


Input Value - Case 2:

Transaction Number =  100001  or  1=1 ;

With the input value above, the query will be framed to execute as below.

Delete from transaction where transaction_no = 100001 or  1=1;

As we all know, the above statement will delete not only transaction 100001 but all the transactions in the transaction table, which is a crisis for the business.



Input Value - Case 3:

Transaction Number =  100001; drop table USER_LOGIN ;

With the input value above, the query will be framed to execute as below.

Delete from transaction where transaction_no = 100001; drop table USER_LOGIN;

Think about what happens after the transaction is deleted: the key table USER_LOGIN will be dropped, which may lead to a DB login crash.


Solution :-
1. Be very, very careful about input parameters.
2. Include these SQL injection scenarios in all your test cases during testing.

Avoid SQL injection and always keep your database safe.
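
The three Scenario 2 inputs used as test cases against a delete routine, as an added example that is not code from the original post. It uses Python's sqlite3 module with constructed sample rows; the table is named transactions here because TRANSACTION is an SQL keyword, and the function names are assumptions of this example.

```python
import re
import sqlite3

# The three input values from Scenario 2 of the post.
CASES = ["100001", "100001 or 1=1 ;", "100001; drop table USER_LOGIN ;"]

def make_db():
    # Constructed sample data: three transactions and a USER_LOGIN table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE transactions (transaction_no INTEGER, amount INTEGER);
        INSERT INTO transactions VALUES (100001, 10), (100002, 20), (100003, 30);
        CREATE TABLE USER_LOGIN (User_id INTEGER, Password TEXT);
    """)
    return db

def delete_vulnerable(db, txn_no):
    # Input is pasted into the SQL text; executescript() then runs every
    # ';'-separated statement it receives.
    db.executescript("DELETE FROM transactions WHERE transaction_no = " + txn_no)

def delete_safe(db, txn_no):
    # 1) Validate: a transaction number is digits only.
    if not re.fullmatch(r"[0-9]{1,18}", txn_no.strip()):
        raise ValueError("transaction number must be numeric")
    # 2) Bind: the value is passed as data, never as SQL text.
    db.execute("DELETE FROM transactions WHERE transaction_no = ?",
               (int(txn_no),))
    db.commit()

def state_after(delete_fn, value):
    # Run one input against a fresh database and report what is left:
    # (rows remaining in transactions, whether USER_LOGIN still exists).
    db = make_db()
    try:
        delete_fn(db, value)
    except ValueError:
        pass  # rejected before any SQL ran
    rows = db.execute("SELECT COUNT(*) FROM transactions").fetchone()[0]
    login = db.execute("SELECT COUNT(*) FROM sqlite_master "
                       "WHERE type = 'table' AND name = 'USER_LOGIN'").fetchone()[0]
    return rows, login == 1

if __name__ == "__main__":
    for value in CASES:
        print(repr(value),
              "| string-built:", state_after(delete_vulnerable, value),
              "| validated and bound:", state_after(delete_safe, value))
```

A test suite for any routine that takes a transaction number can reuse the same three inputs and assert that only Case 1 changes the table.
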


Thanks for all your support. We will connect in our next blog with a different topic.

Regards,
Sathish





Wednesday, September 13, 2017

Data Scientist - The SEXIEST job in 21st Century



Why is DATA SCIENTIST the sexiest job in the 21st Century?


When I started my research on what is the ultimate reach of being an Oracle SQL Expert, it went through many areas, but my (re)search ended with Data Scientists. I always look for proof, and I got amazing information from Naukri and LinkedIn.






Just read the below fact which will say more about it. 

India requires over 200,000 data scientists by 2018, and the pay that data scientists get is huge when compared to engineers and chartered accountants. With the right skill sets and experience, the pay gets higher. In the US and worldwide, over 2 million data scientists are needed by 2020.

Good thing is, there are more and more upcoming hot jobs related to DATA, which are  

  •    Data Analysts, 
  •    Data Architects, 
  •    Data Engineers, 
  •    Data Statisticians


Skill set required to become a Data Scientist.

“A data scientist is someone who is better at statistics than any software engineer and better at software engineering than any statistician.”

The complete skill set required to become a Data Scientist is the following:-


  • SQL databases and database querying languages
  • Maths Knowledge (e.g. linear algebra, calculus and probability)
  • Statistics (e.g. hypothesis testing and summary statistics)
  • Machine learning tools and techniques (e.g. k-nearest neighbors, random forests, ensemble methods, etc.)
  • Software engineering skills (e.g. distributed computing, algorithms and data structures)
  • Data mining
  • Data cleaning and munging
  • Data visualization (e.g. ggplot and d3.js) and reporting techniques
  • Unstructured data techniques
  • R and/or SAS languages
  • Python (most common), C/C++, Java, Perl
  • Big data platforms like Hadoop, Hive & Pig
  • Cloud tools like Amazon S3

Top 6 Technical Skills required to become a Data Scientist are the following:-

  • SQL databases and database querying languages
  • Data visualization (Tableau is the market leader) and reporting techniques
  • R and/or SAS languages & Python
  • Big data platforms like Hadoop, Hive & Pig
  • Machine learning 
  • Unstructured data techniques (image and video data reading, etc.)

Roles of Data Scientists and other Data related hot jobs :-

Data Scientist : Data scientists are big data wranglers. They take an enormous mass of messy data points (unstructured and structured) and use their formidable skills in math, statistics and programming to clean, massage and organize them. They are masters at uncovering hidden solutions to business challenges, helping to save huge amounts of money, reduce risks and make brilliant business decisions.

Data Analyst : Data analysts collect, process and perform statistical analyses of data.

Data Architect : Data architects create blueprints for data management systems. They provide access to organized data and reports for everyone from CEOs to employees.

Data Engineer : Data engineers build massive reservoirs for big data. They develop, construct, test and maintain architectures such as databases and large-scale data processing systems. They are the data providers for data scientists, architects and analysts.

Data Statistician : Statisticians apply statistical theories and methods to collect, analyze and interpret quantitative data. They involve themselves with global statistics data to compare it with organization data.

Salary Range for Data Scientists and other Data related hot jobs :-
( data proof taken from Glassdoor & PayScale in US )

Data Scientists :      $158,000  per year
Data Architects :      $143,000  per year
Data Engineers :       $117,000  per year
Data Analysts :        $117,000  per year
Data Statisticians :    $95,000  per year


We will see more information about Data Scientists in upcoming blogs.

You are welcome to reach out to me only on Whatsapp +91-9751282520 for more clarifications related to Data Scientists. 

With Thanks,

Sathish Chandran