Learn about the SQL command language and SQL injections. Examine SQL injections in MySQL, SQL Server, and Oracle XE, and discover how attackers defeat web application firewalls.
Syllabus
Introduction
- Understanding how SQL injections work
- What you should know
- Disclaimer
- Starting with SQL
- Creating a MySQL database
- Using SQL
- Finding the SQL password
- Checking out the Security Shepherd
- Injecting Mutillidae
- Deep diving the target with SQLi
- Cracking the MySQL hash
- Injecting Microsoft SQL Server
- Injecting Oracle SQL Server
- Inferring TRUE when blind
- Using prepared SQL queries
- Getting our first sqlmap injection
- Sanitizing input to SQL
- Inserting an SQL injection via Burp Suite
- Following up with a second injection
- Defeating the WAF
- Navigating a complex injection
- Using request messages to inject SQL
- Checking out SQLI Labs
- What's next?
Taught by
Malcolm Shore