• Nikita Krishnarao Deshmukh

Today’s world is very much dependent on web applications, So much Sensitive information and customer information is stored on the database that we need to provide Security to these web applications. The project is going to show how the SQL injection attacks and Session hijacking attacks perform on the E-learning system and also some efficient techniques that will prevent SQL injection attack and session hijacking. A session is a unique identifier generated by a server that is sent to a client for identifying current interaction session, which is stored in a cookie. A cookie is a short text file for identifying a particular client. Since cookies are transmitted over HTTP, they are visible and prone to attacks such as session hijacking. Attackers can use SQL Injections to find the credentials of other users in the database. They can then impersonate these users. The impersonated user may be a database administrator with all database privileges. SQL also lets you alter data in a database and add new data. For example, in a financial application, an attacker could use SQL Injection to alter balances, void transactions, or transfer money to their account. The only sure way to prevent SQL Injection attacks is input validation and parameterized queries including prepared statements.

E-Learning Website, Session hijacking, SQL injection, Security, Prevention.

"Active and Passive attacks on E-learning System with Prevention", International Journal of Emerging Technologies and Innovative Research (www.jetir.org), ISSN:2349-5162, Vol.7, Issue 3, page no.36-49, March-2020, Available :http://www.jetir.org/papers/JETIR2003307.pdf

"Active and Passive attacks on E-learning System with Prevention", International Journal of Emerging Technologies and Innovative Research (www.jetir.org | UGC and issn Approved), ISSN:2349-5162, Vol.7, Issue 3, page no. pp36-49, March-2020, Available at : http://www.jetir.org/papers/JETIR2003307.pdf