Ethical Hacking: SQL Injection

Ethical Hacking: SQL Injection
Ethical Hacking: SQL Injection
English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 5h 19m | 906 MB

Pluralsight is not an official partner or accredited training center of EC-Council. This course goes through how to detect SQL injection and identify risks as you to become an ethical hacker with a strong SQL injection understanding.

Pluralsight is not an official partner or accredited training center of EC-Council. Ever since we started connecting websites to databases, SQL injection has been a serious security risk with dire ramifications. The ability for attackers to run arbitrary queries against vulnerable systems can result in data exposure, modification, and in some cases, entire system compromise. SQL injection is classified as the number one risk on the web today due to the “perfect storm” of risk factors. It’s very easily discoverable, very easily exploited, and the impact of a successful attack is severe. Add to that the fact that injection risks remain rampant, it’s clear how it deserves that number one spot. This course takes you through everything from understanding the SQL syntax used by attackers, basic injection attacks, database discovery and data exfiltration, advanced concepts, and even using injection for network reconnaissance and running system commands. It’s everything an ethical hacker needs to know to be effective in identifying the SQL injection risk in target systems.

Table of Contents

Why SQL Injection Matters
1 Overview
2 The Significance of SQL Injection
3 Executing a SQL Injection Attack
4 The Impact of a Successful Attack
5 SQL Injection in the Wild
6 Summary

Understanding SQL Queries
7 Overview
8 Understanding Structured Query Language
9 Statement Termination
10 Using the SQL Comment Syntax
11 SQL Queries Versus Data
12 The Value of Internal Exceptions
13 Summary

The Mechanics of SQL Injection Attacks
14 Overview
15 Types of SQL Injection
16 The Single Character Injection Test
17 Modifying the Query Structure
18 Circumventing Website Logins
19 Modifying Data and Database Objects
20 Identifying the Risk in Code
21 Understanding and Detecting Input Sanitization
22 Summary

Discovering Schema and Extracting Data
23 Overview
24 Understanding the Union Operator
25 Executing Union Injection
26 Manual Database Structure Discovery with Error-based Injection
27 Querying System Objects for Schema Discovery
28 Extracting Schema Details with Union Injection
29 Enumerating Result Sets with Sub-queries
30 Extracting Schema Details with Error-based Injection
31 Summary

Blind SQL Injection
32 Overview
33 Basic and Blind Attack Success Criteria
34 Understanding a Blind Attack
35 Applying Boolean Based Injection
36 Constructing Yes and No Questions for Boolean Based Injection
37 Enumerating via ASCII Values
38 Where Time Based Injection Makes Sense
39 Understanding the WAITFOR DELAY Command
40 Constructing a Time Based Attack
41 Summary

Advanced SQL Injection Concepts
42 Overview
43 Database Server Feature Comparison
44 Establishing Account Identity and Rights
45 Enumerating Other Databases on the System
46 Creating Database Logins
47 Extracting Passwords from SQL Server Hashes
48 Replicating a Table Using OPENROWSET
49 Executing Commands on the Operating System
50 SQL Injection for Network Reconnaissance
51 Summary

Defending Against Attacks
52 Overview
53 Implement Proper Error Handling
54 Validating Untrusted Data
55 Query Parameterization
56 Stored Procedures
57 Object Relational Mappers
58 The Principle of Least Privilege
59 Isolating the Database Network Segment
60 Using an IDS or WAF
61 Keeping Software Patched and Current
62 Summary

Evasion Techniques
63 Overview
64 Understanding Signatures
65 Basic Evasion Techniques
66 Encoding for Evasion
67 Splitting Strings
68 White Space Diversity
69 Inline Comments
70 Variables
71 String Manipulation
72 Summary

Automating Attacks
73 Overview
74 Testing in the Browser with SQL Inject Me
75 Fuzz Testing with Burp Suite
76 Data Extraction with Havij
77 Schema Mapping with sqlmap
78 Dynamic Analysis Testing with NetSparker
79 Summary