How experts look for SQL injection vulnerabilities
“Hello, my name is ' or 1=1 #”
Taught by: Peter Zsiros
Length: 20+ hours
Do you want to know SQL injection inside out?
Though SQL injection is not a new hacking technique, it still remains an alarming threat to a great proportion of web applications, so every good ethical hacker should know it in depth.
The main goal of this training is to guide you through the penetration testing of web applications that use databases, from basic to expert level. You will get in-depth coverage of all the techniques, not just the basics found everywhere on the internet. In addition to learning the usage of the most popular and usable automated tools, you will also learn to manually test the applications so you understand the vulnerabilities and the techniques to take advantage of them.
You will learn how to find error based, union based and blind SQL injection vulnerabilities, how to fetch data from the database, how to evade filters and web application firewalls, how to fetch files from the operating system or write files out with the help of SQL injection.
Join our course today and start learning SQL injection in a profound way.
For penetration testers who need to know and understand SQL injection techniques in depth and what happens under the hood when using automated tools for web application testing. Also recommended for system and security administrators who need to administer and defend web applications and systems. It can be useful for web application developers to get to know the techniques hackers use to attack their web applications.
Basic knowledge of networking and HTML, and the ability to read and write SQL queries.
- 50 GB of free hard drive space
- Virtualization software (e.g.: VirtualBox, VMware)
You will be able to test web applications for SQL injection with and without automated tools. The in-depth knowledge you acquire during the course will enable you to stand out from the masses as a real ethical hacker, instead of just using automated tools without understanding what is happening.
Section 1 - Setup and bypassing basic login screen
First we create an environment to test SQL injections. (For this you can download the virtual machine and the ISO image from http://www.duckademy.com/downloads.) After that you will learn how to bypass a basic login screen and variations of a basic login screen using manual SQL injection, sqlmap and Burp Suite.
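As an added illustration of the login bypass this section describes (example code written for this page, not course material), here is a string-concatenated login query beside its parameterized fix. The users table is constructed in memory, and because SQLite is used here the course's MySQL-style `#` comment is replaced with SQLite's `--` (an assumption for this demo only).

```python
import sqlite3


def make_db():
    """Constructed sample users table; not the course VM's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "S3cret!"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: user input is parsed as part of the SQL statement."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Bound parameters: user input is passed as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# The page's payload is ' or 1=1 # (MySQL comment); SQLite needs -- instead.
BYPASS = "' or 1=1 -- "

if __name__ == "__main__":
    db = make_db()
    # WHERE username = '' or 1=1 -- ' AND password = '...'  -> password check commented out
    print(login_vulnerable(db, BYPASS, "anything"))      # admin
    print(login_parameterized(db, BYPASS, "anything"))   # None: payload is just an odd username
    print(login_parameterized(db, "alice", "hunter2"))   # alice
```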
Section 2 - Bypassing basic login screen (cont.)
In this section you will learn how to bypass a basic login screen and variations of a basic login screen that use widely used filtering techniques with the help of sqlmap and Burp Suite. You will also learn how to bypass a basic login screen and variations of a basic login screen that use numeric only fields.
Section 3 - Retrieving database metadata using SQL injection
First we will show you how to retrieve metadata such as database names, table names and column names by using SQL injection. After that you will learn how to retrieve metadata by using SQL injection when common filtering methods (user side filtering, apostrophe filtering, server side row counting and white space filtering) and numeric only fields are used.
Section 4 - Using blind SQL injection
Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. In this section you will learn how to retrieve arbitrary data with the use of blind SQL injection techniques. We will examine their usage when common filtering techniques such as white space filtering and row checking are used. We will also test these techniques when the input field is numeric only.
Section 5 - Error based SQL injection
Error based SQL injection takes advantage of poor error handling in an application. Learn how to retrieve arbitrary data with the use of error based SQL injection techniques. In this section you will get an introduction to error based SQL injection through a basic login screen.
Section 6 - Error based SQL injection (cont.)
In this section you will learn how to retrieve arbitrary data with the use of error based SQL injection techniques when common filtering techniques such as white space filtering and row checking are used. We will also examine these techniques when the input field is numeric only.
Section 7 - Other useful SQL injection possibilities
In this section first you will learn how to attack and retrieve arbitrary data by taking advantage of vulnerabilities in the ORDER BY and GROUP BY clauses and the INSERT statement. After that we will examine how to retrieve arbitrary data in several ways with the help of "UNION", even when filtering is used. Finally you will learn how to read content from and write to arbitrary files using SQL injection.
Bonus section 1 - Webapp defense with ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In this section we will examine how we can defend against the previously introduced SQL injection attacks with ModSecurity, which is one of the most widely used web application firewalls.
Bonus section 2 - How to defend databases from SQL injection
HexaTier (formerly GreenSQL) is an open source database firewall used to protect databases against SQL injection attacks. In this section we will show you a way to stop the SQL injection attacks introduced earlier with this database firewall.