The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription
18 CPE Credits
What will students learn ?
SQL Injection attacks and methods
More injection methods to XPath, LDAP and NoSQL
Practical experience in attacking data stores
What skills will students gain ?
Data store exploitation
Practical experience in SQL injection and other data store injection methods
Securing their web application from data store injection attacks
What will students need?
PC with a preferred operating system (Mac OSX 10.5+, Windows 7+, Linux)
What should students know before they join?
Basics and understanding of an SQL language
Basics and understanding of web applications and how they work
Basics of HTML, data structures and programming
Introduction to SQL, Data stores, Data Store Injection and SQL Injection
In this module, we will quickly examine how SQL and Data stores work in a web server, and we will be introduced to data store attacking and some Injection methods with practical examples, attacking web applications with conventional methods.
Introduction to SQL and Data Stores
Introduction to Data Store Attacks
Introduction to Injection attacks (SQL, XML etc.)
Practical Injection examples
Advanced SQL Injection
In module 2, we dive deep into SQL Injection with advanced ways and we will see ways to encrypt our attacks to make it more effective in the new ways of security, all these with practical, real world examples.
Injecting into Different Statement Types
Extracting Useful Data
Second-Order SQL Injection
Injecting into XPath, LDAP and NoSQL
In module 3, we will examine more ways of injection in data stores starting with NoSQL, XPath and LDAP, but not limited to them, advancing our data store injection knowledge.
Injecting into NoSQL
Injecting into XPath
Injecting into LDAP
Data Store web application security measures
Finally, in module 4, we will see prevention methods with practical examples for our data store applications, build from the previous examples. The prevention methods will be complex and combined methods for our web applications.
Preventing SQL Injection
Security to other data store types
Instructor: Thomas Sermpinis
8 years of experience in the Security sector
Java, C++, Python
Editor of “Penetration Testing with Android Devices”, “Penetration Testing with Kali 2.0” courses of PenTest Magazine.
Editor of “Android Malware Analysis” course on eForensics Magazine.
Editor on DeltaHacker Magazine
4 years of blogging on Penetration Testing topics
Hacking and Android Enthusiast