Tags
Language
Tags
December 2024
Su Mo Tu We Th Fr Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31 1 2 3 4

Mastering Sql Injection - The Ultimate Hands-On Course

Posted By: ELK1nG
Mastering Sql Injection - The Ultimate Hands-On Course

Mastering Sql Injection - The Ultimate Hands-On Course
Published 7/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 5.61 GB | Duration: 9h 42m

How to Find, Exploit and Defend Against SQL Injection Vulnerabilities. For Ethical Hackers, Developers & Pentesters

What you'll learn

Learn how to find SQL Injection vulnerabilities from both a black-box and white-box perspective.

Learn how to exploit SQL Injection vulnerabilities of varying difficulty levels.

Gain hands-on experience exploiting SQL injection vulnerabilities using Burp Suite Community and Professional editions.

Learn how to automate attacks in Python.

Learn how to defend against SQL Injection vulnerabilities.

Requirements

Basic knowledge of computers (i.e. how to use the internet).

Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).

Basic knowledge of SQL commands and query structure.

Latest version of Kali Linux VM (free download).

PortSwigger Web Security Academy account to access the labs (free registration).

Basic knowledge of Python Scripting.

Description

For the longest time, up until a few years ago, SQL Injection fell under the number one most critical security risk facing web applications today. Although the vulnerability itself is simple to learn and exploit, it can potentially lead to disastrous consequences that leave an organization open to severe risks such as sensitive information disclosure, authentication bypass and even remote code execution.In this course, we dive into the technical details behind SQL Injection vulnerabilities, the different types of SQL injection vulnerabilities, how to find them from both a black-box and a white-box perspective and cover the different ways to exploit SQL injection vulnerabilities. We also go through prevention and mitigation techniques on how to prevent and mitigate these types of vulnerabilities.This is not your average course that just teaches you the basics of SQL Injection. This course contains over 9 hours worth of content that not only describes the technical details behind SQL Injection vulnerabilities, but also contains 18 labs that give you hands-on experience exploiting real-world examples. The labs are of varying difficulty levels starting with really simple examples and slowly moving up in difficulty.If you're a penetration tester, application security speciality, bug bounty hunter, software developer, ethical hacker, or just anyone interested in web application security, this course is for you!

Overview

Section 1: Introduction

Lecture 1 Course Introduction

Section 2: Getting help

Lecture 2 Udemy tips and tricks

Lecture 3 Answering your questions

Section 3: SQL Injection - Technical Deep Dive

Lecture 4 Agenda

Lecture 5 What is SQL Injection?

Lecture 6 How Do You Find SQL Injection Vulnerabilities?

Lecture 7 How Do You Exploit SQL Injection Vulnerabilities?

Lecture 8 How Do You Prevent SQL Injection Vulnerabilities?

Lecture 9 Additional Resources

Section 4: Lab Environment Setup

Lecture 10 Lab Environment Setup

Section 5: Hands-on SQL Injection Labs

Lecture 11 Lab #1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden

Lecture 12 Lab #2 SQL injection vulnerability allowing login bypass

Lecture 13 Lab #3 SQLi UNION attack determining the number of columns returned by the query

Lecture 14 Lab #4 SQL injection UNION attack, finding a column containing text

Lecture 15 Lab #5 SQL injection UNION attack, retrieving data from other tables

Lecture 16 Lab #6 SQL injection UNION attack, retrieving multiple values in a single column

Lecture 17 Lab #7 SQL injection attack, querying the database type and version on Oracle

Lecture 18 Lab #8 SQLi attack, querying the database type and version on MySQL & Microsoft

Lecture 19 Lab #9 SQL injection attack, listing the database contents on non Oracle databas

Lecture 20 Lab #10 SQL injection attack, listing the database contents on Oracle

Lecture 21 Lab #11 Blind SQL injection with conditional responses

Lecture 22 Lab #12 Blind SQL injection with conditional errors

Lecture 23 Lab #13 Blind SQL injection with time delays

Lecture 24 Lab #14 Blind SQL injection with time delays and information retrieval

Lecture 25 Note - Changes to Burp Collaborator

Lecture 26 Lab #15 Blind SQL injection with out-of-band interaction

Lecture 27 Lab #16 Blind SQL injection with out of band data exfiltration

Lecture 28 Lab #17 SQL injection with filter bypass via XML encoding

Lecture 29 Lab #18 Visible error-based SQL injection

Section 6: Bonus Lecture

Lecture 30 Bonus Lecture

Penetration testers that want to understand how to find and exploit SQL injection vulnerabilities.,Software developers that want to understand how to defend against SQL injection vulnerabilities.,Bug bounty hunters that want to understand how to find and exploit SQL injection vulnerabilities.,Individuals preparing for the Burp Suite Certified Practitioner (BSCP) exam.