-->
BLANTERWISDOM101

SQL Injection Attacks: The 2020 Guide

Monday, August 10, 2020

SQL Injection Attacks: The 2020 Guide - Techpedal

Welcome to this course on SQL injection attacks! In this course, we explore one of the biggest risks facing web applications today.

Also read :Get started Creating Websites Everything you need provided
Also read :Pointers : A Deep Drive

We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of SQL and injections. After that, we learn SQL injection techniques with the help of cheat sheets and references. At that point, we start to gather information about our target in order to find weaknesses and potential vulnerabilities.

Once we've gathered enough information, we go full-on offensive and perform SQL injections both by hand and with automated tools. These attacks will extract data such as tokens, emails, hidden products, and password hashes which we then proceed to crack.

After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the network, application, and database layers. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections.

Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications.

Topics we will cover together:

Also read :PostgreSQL Tutorial for Beginners | Learn PostgreSQL
Also read :iOS 13 + SwiftUI: The very first course to start [2020]

  • How to set up a Kali Linux Virtual Machine for free
  • How to configure and create safe & legal environments using containers inside of Kali
  • How to get started with OWASP ZAP (a free alternative to Burp Suite)
  • A quick refresher of what SQL is and how it works
  • An explanation of what SQL injections are and how they work
  • SQL injection techniques with cheat sheets and references
  • How to gather information about your target in order to find potential vulnerabilities
  • How to perform SQL injections by hand with a proxy tool (ZAP)
  • How to perform SQL injections with automated tools (SQLMap)
  • How to use results from successful and unsuccessful injections to further exploit the application (ie: crack passwords)
  • How to defend against SQL injections at the network layer
  • How to defend against SQL injections at the application layer
  • How to defend against SQL injections at the database layer
  • How to find vulnerabilities by looking at code
  • Proper coding techniques to prevent SQL injections

Requirements:

To understand how SQL injections work and how to perform them as well as defend against them, you must have:

Also read :React Forms Crash Course
Also read : Penetration Testing With Burp Suite

  • Experience working with web applications

  • Experience working with SQL

Suggestion: You may also wish to take our free Introduction to Application Security (AppSec) course to familiarize yourself with the concepts of Application Security.

Who this course is for:

Also read :Introduction- Salesforce Integration
Also read :WSL 2, Docker, Kali Linux and Windows Terminal

  • Web Developers
  • Pentesters
  • Database administrators
  • Software Developers
  • Cloud Engineers
  • Application Security Engineers
  • Risk Analysts

              

Share This :
Rajeshwaran

Rajeshwaran is a blogger who is always fascinated with technology and the amount of knowledge he can gather from the internet. He is trying to nerdify everyone around him with that same knowledge, through his writings. Website: Techpedal

0 Comments

:)
:(
hihi
:-)
:D
=D
:-d
;(
;-(
@-)
:P
:o
-_-
(o)
[-(
:-?
(p)
:-s
(m)
8-)
:-t
:-b
b-(
:-#
=p~
$-)
(y)
(f)
x-)
(k)
(h)
(c)
cheer
(li)
(pl)
Emoticon

Subscribe to: Post Comments (Atom)