• LOGIN
    • No products in the cart.

SELF-PACED, IN SESSION, 18 CPE CREDITS In this course, we start data store application hacking, such as SQL Injection, XPath injection, etc.

Nowadays, web applications are everywhere in the internet or in local networks. From personal blogs, to bank applications, every modern web site and service uses web applications for a better, more secure and reliable service. But is our web site or service, really safe? In this course, we start data store application hacking, such as SQL Injection, XPath injection, etc., which may be the most serious type of attacks, that can leak sensitive information from the hosting site, such as usernames and passwords.

 SELF-PACED, 18 CPE Credits 

What will students learn?

    • SQL Injection attacks and methods


    • More injection methods to XPath, LDAP and NoSQL


    • Security measures


    • Practical experience in attacking data stores


What skills will students gain?

    • Data store exploitation


    • Practical experience in SQL injection and other data store injection methods


    • Securing their web application from data store injection attacks


What will students need?

    • PC with a preferred operating system (Mac OSX 10.5+, Windows 7+, Linux)


What should students know before they join?

    • Basics and understanding of an SQL language


    • Basics and understanding of web applications and how they work


    • Basics of HTML, data structures and programming



>>Pre-Course Materials<<


SYLLABUS

Module 1

Introduction to SQL, Data stores, Data Store Injection and SQL Injection

In this module, we will quickly examine how SQL and Data stores work in a web server, and we will be introduced to data store attacking and some Injection methods with practical examples, attacking web applications with conventional methods.

    • Introduction to SQL and Data Stores


    • Introduction to Injection Attacks


    • Data Store Injection


    • Introduction to XML, JavaScript and SQL injection attacks


    • Different Statement Injection


    • UNION Operator


    • Database Fingerprinting


    • Exercises


Module 2

Advanced SQL Injection

In module 2, we dive deep into SQL Injection with advanced ways and we will see ways to encrypt our attacks to make it more effective in the new ways of security, all these with practical, real world examples.

    • Bypassing filters


    • Injecting into Different Statement Types


    • Extracting Useful Data


    • Second-Order SQL Injection


    • And more


    • Exercises


Module 3

Injecting into XPath, LDAP and NoSQL

In module 3, we will examine more ways of injection in data stores starting with NoSQL, XPath and LDAP, but not limited to them, advancing our data store injection knowledge.

    • Injecting into NoSQL


    • Injecting into XPath


    • Injecting into LDAP


    • Exercises


Module 4

Data Store web application security measures

Finally, in module 4, we will see prevention methods with practical examples for our data store applications, build from the previous examples. The prevention methods will be complex and combined methods for our web applications.

    • NoSQL Injection


    • Securing your DataStore (Input Validation, Output Encoding, Parametrized Queries, Least Privileges, and more)


    • Securing LDAP, XPath and NoSQL


    • Conclusion


    • Final Exam



Instructor: Thomas Sermpinis

tomsermpinis-310x310

    • 8 years of experience in the Security sector


    • Java, C++, Python


    • Editor of “Penetration Testing with Android Devices”, “Penetration Testing with Kali 2.0” courses of PenTest Magazine.


    • Editor of “Android Malware Analysis” course on eForensics Magazine.


    • Editor on DeltaHacker Magazine


    • 4 years of blogging on Penetration Testing topics


    • Hacking and Android Enthusiast


Course Reviews

N.A

ratings
  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

TAKE THIS COURSE
  • $250.00
  • UNLIMITED ACCESS
  • Course Certificate
107 STUDENTS ENROLLED
  • Profile photo of Marta Sienicka
  • Profile photo of Thomas Sermpinis
  • Profile photo of joanna_kretowicz
  • Profile photo of zstoth
  • Profile photo of davidrolin
  • Profile photo of jychia

Who’s Online

Profile picture of Anthony Quarshie

Certificate Code

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013