Ethical Hacking: SQL Injection

Pluralsight is not an official partner or accredited training center of EC-Council. This course goes through how to detect SQL injection and identify risks as you to become an ethical hacker with a strong SQL injection understanding.
Course info
Rating
(419)
Level
Beginner
Updated
May 20, 2015
Duration
5h 25m
Table of contents
Why SQL Injection Matters
Understanding SQL Queries
The Mechanics of SQL Injection Attacks
Discovering Schema and Extracting Data
Blind SQL Injection
Advanced SQL Injection Concepts
Defending Against Attacks
Evasion Techniques
Automating Attacks
Description
Course info
Rating
(419)
Level
Beginner
Updated
May 20, 2015
Duration
5h 25m
Description

Pluralsight is not an official partner or accredited training center of EC-Council. Ever since we started connecting websites to databases, SQL injection has been a serious security risk with dire ramifications. The ability for attackers to run arbitrary queries against vulnerable systems can result in data exposure, modification, and in some cases, entire system compromise. SQL injection is classified as the number one risk on the web today due to the "perfect storm" of risk factors. It's very easily discoverable, very easily exploited, and the impact of a successful attack is severe. Add to that the fact that injection risks remain rampant, it's clear how it deserves that number one spot. This course takes you through everything from understanding the SQL syntax used by attackers, basic injection attacks, database discovery and data exfiltration, advanced concepts, and even using injection for network reconnaissance and running system commands. It's everything an ethical hacker needs to know to be effective in identifying the SQL injection risk in target systems. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

About the author
About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

More from the author
Modern Browser Security Reports
Beginner
57m
3 Aug 2018
More courses by Troy Hunt
Section Introduction Transcripts
Section Introduction Transcripts

Evasion Techniques
In this module we're going to start to look at how we can evade SQL injection defenses. And this is really going to focus on what sort of patterns of SQL injection our application's looking for and how can we construct requests such that they don't match those patterns? Now in this module you're understanding of the SQL syntax becomes really important because we're going to get quite creative about the way we reconstruct an attack so that it executes in the same way, but it has a fundamentally different structure. So let's move on and start looking at what I mean by that. The thing about many injection defenses is that they do involve looking for common patterns. So for example, in the last module on defending against attacks, I talked about validating untrusted data and that involved the application rejecting potentially malicious requests. The thing about this though, is that these basic signature definitions can often be circumvented. And as I just mentioned, this will really just come down to creativity with the SQL syntax. So how can we form those same attacks in a different way such that they evade the signature definitions? Let's go and have a look at a few different ways of doing this.