SQL Injection Attack Techniques and Secure Coding Explained by a Simulated Hacking Practitioner: PART 1

SQL Injection, the flower of web hacking, explained by a penetration testing practitioner! Learn attack and defense at the same time.

(4.8) 99 reviews

1,093 students

Penetration Testing
Injection

This course is prepared for Basic Learners.

What you will learn!

  • Building a basic understanding of vulnerabilities

  • Understand why vulnerabilities occur and the detailed principles

  • Identifying various attack points that occur in practice

  • Learn the attacks used in practice

  • Apply direct countermeasures to vulnerable functions and learn secure coding

📖 An SQL Injection attack series taught by a penetration testing expert!

  • PART(1) : Basics / Practical Attacks / Secure Coding (Current Course)
    This training covers the most important aspects of SQL Injection attacks. Starting from the basics, you learn the attack techniques used in practice, various countermeasures, and secure coding. It is a required course that serves as the basis for the subsequent training.

  • PART(2) : Application / Advanced / Advanced
    This is training on applied attack techniques and advanced attack techniques not covered in PART (1).

  • PART(3) : Creating an automation tool
    This training applies the attack techniques learned so far to build a Python-based automation tool.

📖 Why should I learn SQL Injection?

A well-known name in the web hacking world! The better known an attack is, the more impact it has, right?

Most of today's web applications have many functions that build pages dynamically from user input. In this environment, from the attacker's perspective, the number of attack targets grows, so effective analysis methods and attack techniques suited to each situation are required. From the defender's perspective, effective defense means deploying security solutions inline or applying secure coding. You have to know the attack to know how to defend, right?

📖 Attack techniques that can be applied immediately in practice!

To analyze vulnerabilities effectively, you will learn how to analyze various attack points using different methodologies, which attack to use in which environment, and the attack techniques that follow from these criteria. We will cover each attack technique used in practice in detail.

📖 Provides PHP-based practice bulletin boards for each DBMS!

We provide practice bulletin boards based on PHP-MYSQL, PHP-MSSQL, and PHP-ORACLE, through which you can practice SQL Injection against various DBMSs.

📖 Learn SQL Injection attack techniques and secure coding by following along!

The technical elements that make up each SQL Injection attack technique do not stop at theory.
We provide hands-on training for each DBMS.

We will examine the countermeasures for each function in detail and run a hands-on exercise in which you apply secure coding directly to the vulnerable bulletin boards.

📖 Expected outcomes of the training

  • If you are just starting to study SQL Injection, this training will serve as a guideline to point you in the right direction.
  • If you already know about SQL Injection, you will experience the magic of your scattered knowledge being connected, and if you are lost, we will point you in the right direction.

🛠 Programs covered here

  • Burp Suite
  • APMSetup / MSSQL / ORACLE
  • QueryBox

※ How to use Burp Suite is not covered in this training. For basic usage, refer to the training "Stories about Web Hacking and Simulated Hacking in the Field".

🙋🏻‍♂️ Q&A

Q. I want to take the course, but is there anything I need to know beforehand?
A. You need to know web fundamentals and basic SQL grammar before taking the course, and additional web hacking training is also recommended.

Q. If I complete the training, can I carry out assessments in practice?
A. Of course! However, it is not something you achieve just by receiving training. To carry out an attack and get satisfactory results, you need to study and practice enough on your own. Getting something requires effort.

Q. Why is the training time so long compared to the SQL Injection training in other penetration testing programs?
A. This is a specialized training that covers only SQL Injection, so it is bound to be long. The approach is also completely different. Where existing approaches treat each attack separately, this training connects them into one. You will also find out why each kind of attack is used.

Q. Can non-majors and students also take the course?
A. Of course! As long as you take the must-see lectures below and fully understand them, you can take this training.

💡 Must-see lectures

  • Web technology basics you must know: A course to learn the basics of web technology
  • Basic SQL Grammar for Successful SQL Injection Attacks: Basic steps to learn SQL injection attacks
  • Talk about web hacking and mock hacking in the field: Beginner's Guide to Learning Web Hacking

※ Nanum font provided by Naver is used in this training PPT.

Recommended for these people!

Who is this course right for?

  • For those who want to learn SQL Injection properly

  • For practitioners who have difficulty finding SQL Injection vulnerabilities when diagnosing websites

  • For practitioners who only perform vulnerability diagnosis

  • For those who can't perform the attack without an SQL Injection automation tool

  • For those who want to gather their knowledge about SQL Injection in one place

  • For those who want to know exactly which attack to use in which environment

  • For those who want to know the exact attack process

  • For those who struggle to propose the correct response plan

Need to know before starting?

  • Web Basics

  • Burp Suite Basic Usage

  • Web Hacking Basics

  • SQL Basic Grammar

Hello
This is

  • Students: 24,683
  • Reviews: 1,215
  • Answers: 492
  • Rating: 4.9
  • Courses: 18

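:: Employment at a Korean information security solution development company ::
- App anti-tampering solution: in charge of middleware / hacking competition staff / built a well-known Korean hacking/defense training range

:: Employment at a Korean information security specialist firm ::
- Black-box penetration testing / scenario-based penetration testing / web vulnerability assessment / mobile vulnerability assessment / source code vulnerability assessment / APT simulation exercises / DDoS simulation exercises / infrastructure assessment / smart home appliance assessment
- Assessments for many large Korean corporations and small and medium-sized enterprises

:: External training and activities ::
- Multicampus, National Security Research Institute (ETRI)
- Korean information security company: currently running "Advanced Web Penetration Testing Training" for employees
- Created challenges for Hacker Factory

:: Vulnerabilities discovered ::

1) Web Application Server vulnerabilities
- TMAX JEUS: Remote Command Execution Vulnerability
- IBM WebSphere (CVE-2020-4163): Remote Command Execution Vulnerability

2) CMS (Contents Management System) vulnerabilities
- Naver SmartEditor: file upload vulnerability
- Gnuboard: SQL Injection, file upload vulnerability (Gnuboard4, Gnuboard5), XSS ...
- KimsQ: parameter tampering vulnerability, file upload vulnerability

* Email: crehacktive3@naver.com
* Blog: http://www.crehacktive.co.kr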

Curriculum

123 lectures ∙ (24hr 31min)
