This course is part of the 20-course Ethical Hacking Series. SQL injection remains the number one risk on the web today. Understanding how to detect it and identify risks in your web applications early is absolutely critical. This course goes through the risk in depth and helps you to become an ethical hacker with a strong SQL injection understanding.

Ever since we started connecting websites to databases, SQL injection has been a serious security risk with dire ramifications. The ability for attackers to run arbitrary queries against vulnerable systems can result in data exposure, modification, and in some cases, entire system compromise. SQL injection is classified as the number one risk on the web today due to the “perfect storm” of risk factors. It’s very easily discoverable, very easily exploited, and the impact of a successful attack is severe. Add to that the fact that injection risks remain rampant, and it’s clear why it deserves that number one spot. This course takes you through everything from understanding the SQL syntax used by attackers, basic injection attacks, database discovery and data exfiltration, and advanced concepts, to using injection for network reconnaissance and running system commands. It’s everything an ethical hacker needs to know to be effective in identifying the SQL injection risk in target systems.

01_01-Overview
01_02-The Significance of SQL Injection
01_03-Executing a SQL Injection Attack
01_04-The Impact of a Successful Attack
01_05-SQL Injection in the Wild
01_06-Summary
02_01-Overview
02_02-Understanding Structured Query Language
02_03-Statement Termination
02_04-Using the SQL Comment Syntax
02_05-SQL Queries Versus Data
02_06-The Value of Internal Exceptions
02_07-Summary
03_01-Overview
03_02-Types of SQL Injection
03_03-The Single Character Injection Test
03_04-Modifying the Query Structure
03_05-Circumventing Website Logins
03_06-Modifying Data and Database Objects
03_07-Identifying the Risk in Code
03_08-Understanding and Detecting Input Sanitization
03_09-Summary
04_01-Overview
04_02-Understanding the Union Operator
04_03-Executing Union Injection
04_04-Manual Database Structure Discovery with Errorbased Injection
04_05-Querying System Objects for Schema Discovery
04_06-Extracting Schema Details with Union Injection
04_07-Enumerating Result Sets with Subqueries
04_08-Extracting Schema Details with Errorbased Injection
04_09-Summary
05_01-Overview
05_02-Basic and Blind Attack Success Criteria
05_03-Understanding a Blind Attack
05_04-Applying Boolean Based Injection
05_05-Constructing Yes and No Questions for Boolean Based Injection
05_06-Enumerating via ASCII Values
05_07-Where Time Based Injection Makes Sense
05_08-Understanding the WAITFOR DELAY Command
05_09-Constructing a Time Based Attack
05_10-Summary
06_01-Overview
06_02-Database Server Feature Comparison
06_03-Establishing Account Identity and Rights
06_04-Enumerating Other Databases on the System
06_05-Creating Database Logins
06_06-Extracting Passwords from SQL Server Hashes
06_07-Replicating a Table Using OPENROWSET
06_08-Executing Commands on the Operating System
06_09-SQL Injection for Network Reconnaissance
06_10-Summary
07_01-Overview
07_02-Implement Proper Error Handling
07_03-Validating Untrusted Data
07_04-Query Parameterization
07_05-Stored Procedures
07_06-Object Relational Mappers
07_07-The Principle of Least Privilege
07_08-Isolating the Database Network Segment
07_09-Using an IDS or WAF
07_10-Keeping Software Patched and Current
07_11-Summary
08_01-Overview
08_02-Understanding Signatures
08_03-Basic Evasion Techniques
08_04-Encoding for Evasion
08_05-Splitting Strings
08_06-White Space Diversity
08_07-Inline Comments
08_08-Variables
08_09-String Manipulation
08_10-Summary
09_01-Overview
09_02-Testing in the Browser with SQL Inject Me
09_03-Fuzz Testing with Burp Suite
09_04-Data Extraction with Havij
09_05-Schema Mapping with sqlmap
09_06-Dynamic Analysis Testing with NetSparker
09_07-Summary