Course Overview
In this course, we dive into the technical details behind SQL Injection vulnerabilities and cover the different types of SQL Injection vulnerabilities. We learn how to find these types of vulnerabilities from both a black-box and a white-box perspective and cover the different ways to exploit SQL Injection vulnerabilities. We also go through prevention and mitigation techniques to safeguard against these types of vulnerabilities.
This is not your average course that just teaches you the basics of SQL Injection. This course contains over 9 hours' worth of content that not only describes the technical details behind SQL Injection vulnerabilities, but also includes 18 labs that give you hands-on experience exploiting real-world examples.
Requirements:
- Basic knowledge of computers (i.e. how to use the internet).
- Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).
- Basic knowledge of SQL commands and query structure.
- Latest version of Kali Linux VM (free download).
- PortSwigger Web Security Academy account to access the labs (free registration).
- Basic knowledge of Python scripting.
COURSE CURRICULUM - 10 HOURS
- Lab #1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data (29:06)
- Lab #2 SQL injection vulnerability allowing login bypass (33:17)
- Lab #3 SQLi UNION attack determining the number of columns returned by the query (33:59)
- Lab #4 SQL injection UNION attack, finding a column containing text (29:08)
- Lab #5 SQL injection UNION attack, retrieving data from other tables (24:45)
- Lab #6 SQL injection UNION attack, retrieving multiple values in a single column (29:24)
- Lab #7 SQL injection attack, querying the database type and version on Oracle (26:50)
- Lab #8 SQLi attack, querying the database type and version on MySQL & Microsoft (22:16)
- Lab #9 SQL injection attack, listing the database contents on non-Oracle databases (45:18)
- Lab #10 SQL injection attack, listing the database contents on Oracle (40:24)
- Lab #11 Blind SQL injection with conditional responses (48:38)
- Lab #12 Blind SQL injection with conditional errors (44:58)
- Lab #13 Blind SQL injection with time delays (19:08)
- Lab #14 Blind SQL injection with time delays and information retrieval (35:37)
- Note - Changes to Burp Collaborator
- Lab #15 Blind SQL injection with out-of-band interaction (10:19)
- Lab #16 Blind SQL injection with out-of-band data exfiltration (8:17)
- Lab #17 SQL injection with filter bypass via XML encoding (7:14)
- Lab #18 Visible error-based SQL injection (14:46)
This course is included in the All-Access Membership plan starting at $29.99/month
Gain full access to this course as well as our entire course catalog by enrolling in the All-Access Membership plan.
Frequently Asked Questions (FAQ)
What is the refund policy?
All students are entitled to a 3-day refund from the date of purchase of the All-Access Membership. Please follow the instructions outlined in this link to submit a refund request.
Will I receive a certificate of completion after I finish the course?
Yes, we currently provide a certificate of completion. However, the course is designed to help students prepare for PortSwigger's Burp Suite Certified Practitioner certification. Therefore, students are encouraged to enroll in the certification if they feel they are ready.
Does the course include subtitles?
Yes, all of the lessons in this course feature auto-generated English, Arabic, Spanish, Portuguese, Hindi, Indonesian, Urdu, French & German subtitles.
Is the course eligible for Continuing Professional Education (CPE) credits?
Yes, each certificate of completion specifies the total CPE credits earned.