Ethical Hacking: SQL Injection
1h 40mIntermediate2021-10-27
Authors

Malcolm Shore
Cybersecurity Expert, Former Director of GCSB
Course details
SQL injections are a common way to gain unauthorized access to web applications and extract data from them. In this course, instructor Malcolm Shore shows you the SQL command language and how it is used by attackers to craft SQL Injections. Malcolm begins with commonly encountered relational databases and the basics of the SQL command language. Then he focuses on advanced SQL commands that may be used by attackers to achieve SQL injections. Malcolm explains how to use a simple Python script and how an SQL injection changes the backend SQL query. Then he demonstrates how SQL injections could be used to exploit some testing targets. Malcolm steps through the process of automating SQL injection exploits, then finishes with advice on how to continue to hone your skills as a penetration tester.
Skills covered
Application SecuritySecurity TestingCybersecurityCert Prep
Concepts
0. Introduction
- 01 - Understanding how SQL injections work
- 02 - What you should know
- 03 - Disclaimer
1. SQL Basics
- 04 - Starting with SQL
- 05 - Creating a MySQL database
- 06 - Using SQL
- 07 - Finding the SQL password
2. Testing for SQL Injections
- 08 - Checking out the Security Shepherd
- 09 - Injecting Mutillidae
- 10 - Deep diving the target with SQLi
- 11 - Cracking the MySQL hash
- 12 - Injecting Microsoft SQL Server
- 13 - Injecting Oracle SQL Server
3. Automating SQL Injection Exploits
- 14 - Inferring TRUE when blind
- 15 - Getting our first sqlmap injection
- 16 - Inserting an SQL injection via Burp Suite
- 17 - Following up with a second injection
- 18 - Defeating the WAF
- 19 - Navigating a complex injection
- 20 - Using request messages to inject SQL
- 21 - Checking out SQLI Labs
Conclusion
- 22 - What's next
Related courses
- Ethical Hacking: Hacking Web Servers and Web Applications
- Ethical Hacking: Social Engineering
- Ethical Hacking: Session Hijacking
- Ethical Hacking: Introduction to Ethical Hacking (2019)
- Ethical Hacking: Denial of Service
- Ethical Hacking: Footprinting and Reconnaissance (2016)
- Ethical Hacking: Scanning Networks (2016)
- Ethical Hacking: Evading IDS, Firewalls, and Honeypots
Related learn paths
- Become an Ethical Hacker
- Become a Penetration Tester
- Penetration Testing Professional Certificate
- Advance Your JavaScript Skills
- Explore Cybersecurity Careers
- AI Regulations for Tech Leaders: The EU AI Act and More
- AI Regulations for Business Leaders: The EU AI Act and More
- Building AI Products: Implementing Responsible AI Professional Certificate by LinkedIn Learning