Introduction to SQL Injection

[toggle_content title="Transcript"] Hi, Leo Dregier here. We are going to talk about SQL injection. Now at first you may think: hey, that is just the database, what can possibly go wrong, right? Well, most web applications connect to some sort of backend database. Whether it be MySQL or Microsoft SQL or Oracle or any other database, databases are basically a file of stuff, but we are going to look at that file and all the information in the databases, and we are going to see how that plays into the whole session here. So I am going to look at the different SQL injection attacks, we are going to look at ways in which a company or client can defend against SQL injection, the different types of - is it even possible? Are you working in a way in which you can see the results of your attack, or are you working completely blind? I like to kind of use the example of just poking and prodding around when you can't see what is going on in front of you. Because in many cases, if you can think of the error messages or information that is disclosed to you, how do you know if your SQL injection attack works? So we can start off at the basics. We are going to cover everything from what is SQL injection, but quickly we are going to move into the advanced SQL injection attacks. One of my favorite things I do in the introduction of SQL injection is just Google SQL injection and see what you come up with. There are loads of information out there from which you can learn this very, very effectively. Now, it takes years and years and years to become a seasoned database administrator and only seconds for an attack to basically be realized. So we are going to look at everything from getting our applications and operating systems to execute code for us, whether it be command line or some sort of web application to do it for us. We are looking at bypassing and basically poking and prodding around the web application and the database relationship to get the applications to do what we want.
We will follow up with the different types of evasion techniques, so that we don't get caught as a penetration tester, and then how companies can defend against themselves. So stay tuned, we are going to get started right now. [/toggle_content]

This Web Application lecture video introduces you to SQL Injection, a hacking technique using malicious SQL statements. This module explores SQL Injection in detail, and the SQL Injection lab series demonstrates how malicious SQL statements work and discusses how to defend against them. The module also explores the different types of SQL Injections and how to configure this penetration testing tool to work effectively for you. You'll also learn the ins and outs of evasion database administrative techniques and how to avoid getting caught during your penetration testing. The topics explored in the SQL Injection module include:
  • Whiteboard, which shows the interrelationship of all the basic components you’ll utilize for this module
  • And the following simulation labs:
    • BlindElephant Lab
    • pHp ID Lab
    • SQL Map Lab
    • SQL Injection