Ethical Hacking: SQL Injection

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 1h 39m | 273 MB

SQL injections are a common way to gain unauthorized access to web applications and extract data from them. In this course, instructor Malcolm Shore shows you the SQL command language and how it is used by attackers to craft SQL injections. Malcolm begins with commonly encountered relational databases and the basics of the SQL command language. Then he focuses on advanced SQL commands that may be used by attackers to achieve SQL injections. Malcolm explains how to use a simple Python script and how an SQL injection changes the backend SQL query. Then he demonstrates how SQL injections could be used to exploit some testing targets. Malcolm steps through the process of automating SQL injection exploits, then finishes with advice on how to continue to hone your skills as a penetration tester.

Table of Contents

Introduction
1 Understanding how SQL injections work
2 What you should know
3 Disclaimer

1. SQL Basics
4 Starting with SQL
5 Creating a MySQL database
6 Using SQL
7 Finding the SQL password

2. Testing for SQL Injections
8 Checking out the Security Shepherd
9 Injecting Mutillidae
10 Deep diving the target with SQLi
11 Cracking the MySQL hash
12 Injecting Microsoft SQL Server
13 Injecting Oracle SQL Server

3. Automating SQL Injection Exploits
14 Inferring TRUE when blind
15 Getting our first sqlmap injection
16 Inserting an SQL injection via Burp Suite
17 Following up with a second injection
18 Defeating the WAF
19 Navigating a complex injection
20 Using request messages to inject SQL
21 Checking out SQLI Labs

Conclusion
22 What’s next
