SQL Injections: The Full Course

Welcome to this course on SQL injection attacks! In this course, we explore one of the biggest risks facing web applications today.

We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of SQL and injections. After that, we learn SQL injection techniques with the help of cheat sheets and references. At that point, we start to gather information about our target in order to find weaknesses and potential vulnerabilities.

Once we've gathered enough information, we go full-on offensive and perform SQL injections both by hand and with automated tools. These attacks will extract data such as tokens, emails, hidden products, and password hashes which we then proceed to crack.

After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the network, application, and database layers. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections.

Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications.

Pre-Requisites:
To understand how SQL injections work and how to perform them as well as defend against them, you must have:
- Experience working with web applications
- Experience with SQL

Timestamps:
About the course - 00:00 - 04:15
Setting up a safe & legal environment - 4:16 - 14:20
Getting started with OWASP ZAP - 14:21 - 18:41
SQL Concepts - 18:42 - 25:16
SQL Injections Explained - 25:17 - 35:27
SQL Injections Cheatsheets - 35:28 - 45:08
Information Gathering - 45:09 - 58:36
SQL Injections Hands-On - 58:37 - 01:14:41
SQL Injections with SQLMap - 01:14:42 - 01:23:29
Defenses at the Network Layer - 01:23:30 - 01:25:58
Defenses at the Application Layer - 01:25:59 - 01:37:49
Defenses at the Database Layer - 01:37:50 - 01:41:40
Ending Screen - 01:41:41 - 01:41:50

Comments

Here's an update on how to install Docker on the new Kali version. It's actually much simpler now!

TL;DR:
sudo apt update
sudo apt install -y docker.io

sudo systemctl enable docker --now
sudo usermod -aG docker $USER
newgrp docker

Cybrcom

I am really glad that there are people like you in this world. Thank you so much for your Video.

AbhishekkumarSir

The most powerful and professional course I've ever seen. Thanks a lot

islamkaram

Your channel arrived on my YouTube screen in time. I recommend this to my group so they can watch it too. Thank you very much. Wishing you all the best in life. Cheers!!!

vandamieespadero

what not even 1 k subscribers cmon man this guy deserves better

mynamejeff

found your video while researching for materials for my undergrad paper about SQL Injections. You are a better teacher than my college one xD

nagizah

feeling lucky to find you even before you hit your first 100 subscribers.
Wishing you for 1M subscribers.

chetah

I bought your course from Udemy so well spent money THANKS

janekmachnicki

your English is so clear to understand non-English native speakers like me. Thank you so much!

Thanks dude, I learned a lot by watching your videos, it is still difficult with those codes and stuff but the way you explain makes it easier! Thanks again :)

eyeinthesky

isn't the scanning a target is a 2nd phase for pentesting?? while not Info Gathering?

profesurtom

Still watching your videos
Thank you so much

deadoralive

Woow, that was educative and informative. You have done a great job.

jacafe

Does it work if I apply this union SQLi query param=')) union select name, name, name, name, name, name, name, name, name from sqlite_master where type='table' -- in the login field to get all tables? I'm asking because I've tried it out but nothing happened. Is that because the login field isn't vulnerable to this query?

ggsjcko

If you're having trouble with VirtualBox and it is "aborted", make sure to enable "AMD-V" in the BIOS settings

sigge.g

Thanks I’m here to prepare my interview for cyber security consultant

nimcoabdi

Hey, if we shut down our system or close the Docker session, do we need to download them again?

And btw I love your videos and the content you provide. THANKS FOR THEM, you are just helping us more than you think!!!

profesurtom

woow, am half way through but enjoying it. I feel like i can hack any database now haha. Thanks for this content

bricer

1:39:24. LOL, well a lot of time this is true but we need it. LOL. thanks for this, course I hope you will upload more video to help us especially for beginners. THAANNKSKSSSS

justkiddieng

Bro great job help me too much to learn, hopefully more video of you.
Thanks

uuusa