Specialized Testing: SQL Injection
This course will teach you how to test for SQL injection, one of the most common security issues in desktop and web applications alike.
What you'll learn
Since the late 1990s, SQL injection has been one of the most common security issues in desktop and web applications alike. In this course, Specialized Testing: SQL Injection, you’ll learn to audit an application for SQL injection. First, you’ll explore the mechanics of SQL injection. Next, you’ll discover the different types of SQL injection. Finally, you’ll learn how to test for SQL injection vulnerabilities. When you’re finished with this course, you’ll have the skills and knowledge of testing for SQL injection needed to audit an application for this kind of vulnerability.
Table of contents
- Introduction 2m
- Types of SQL Injection 3m
- SQL Injection Detection Workflow 4m
- Common In-band Attacks 2m
- Demo: Signing in with Arbitrary Accounts 8m
- Demo: UNION Attacks 6m
- Demo: Retrieving Additional Data 4m
- Demo: Retrieving Authentication Information 6m
- Demo: Blind SQL Injection 5m
- Demo: Out-of-band SQL Injection 4m
About the author
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... more