What you'll learn:
- See, in action, the power of SQL injections
- You will attack applications legally & safely
- Learn defense controls to protect your applications and databases from SQL injections
- Perform SQL injections by hand and with automated tools
- Learn about various SQL injection techniques
- Look at vulnerable code and learn how to make it secure
About the course:
Welcome to this course on SQLinjection attacks! In this course, we explore one of the biggest risks facing web applications today.
We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of SQL and injections. After that, we learn SQLinjection techniques with the help of cheat sheets and references. At that point, we start to gather information about our target in order to find weaknesses and potential vulnerabilities.
Once we've gathered enough information, we go full-on offensive and perform SQLinjections both by hand and with automated tools. These attacks will extract data such as tokens, emails, hidden products, and password hashes which we then proceed to crack.
After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the network, application, and database layers. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections.
Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications.
-----------------------
Topics we will cover together:
How to set up a Kali Linux VirtualMachine for free
How to configure and create safe &legal environments using containers inside of Kali
How to get started with OWASPZAP (a free alternative to Burp Suite)
A quick refresher of what SQLis and how it works
An explanation of what SQLinjections are and how they work
SQLinjection techniques with cheat sheets and references
How to gather information about your target in order to find potential vulnerabilities
How to perform SQLinjections by hand with a proxy tool (ZAP)
How to perform SQLinjections with automated tools (SQLMap)
How to use results from successful and unsuccessful injections to further exploit the application (ie: crack passwords)
How to defend against SQLinjections at the network layer
How to defend against SQLinjections at the application layer
How to defend against SQLinjections at the database layer
How to find vulnerabilities by looking at code
Proper coding techniques to prevent SQL injections
-----------------------
Requirements:
To understand how SQLinjections work and how to perform them as well as defend against them, you must have:
Experience working with web applications
Experience with SQL
Suggestion:You may also wish to take our free Introduction to Application Security (AppSec) course to familiarize yourself with the concepts of Application Security.
-----------------------
Instructor
My name is Christophe Limpalair, and Ihave helped thousands of individuals pass ITcertifications and learn how to use the cloud for their applications. I got started in ITat the age of 11 and unintentionally fell into the world of cybersecurity.
As Ideveloped a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently.
I've taught certification courses such as the AWSCertified Developer, AWSCertified SysOps Administrator, and AWSCertified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), Lambda Deep Dive, Backup Strategies, and others.
Working with individual contributors as well as managers, Irealized that most were also facing serious challenges when it came to cybersecurity.
Digging deeper, it became clear that there was a lack of training for AppSec specifically. As we explore in the course, SQLinjections are far too common and can be devastating to organizations.
It's time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we'll do just that!
Iwelcome you on your journey to learning more about SQLinjections, and I look forward to being your instructor!