SQL Injection, the flower of web hacking, explained by a mock hacking practitioner! Learn attack and defense at the same time.
Building a basic understanding of vulnerabilities
Understand why vulnerabilities occur and the detailed principles
Identifying various attack points that occur in practice
Learn the attacks used in practice
Apply direct countermeasures to vulnerable functions and learn secure coding
A popular figure in the web hacking world! The fact that so many people are aware of the attack means its impact is significant, right?
Most web applications today feature dynamic page generation based on user input. In this environment, attackers face a growing number of attack targets, necessitating effective analysis methods and adaptive attack techniques tailored to each situation. Conversely, defenders often implement inline security solutions or secure coding for effective defense. Understanding attacks is crucial for effective defense, right?
For effective vulnerability analysis, you'll learn how to analyze various attack points using specific methodologies. You'll also learn the appropriate attack techniques and the specific environments in which they should be used. This course covers each attack technique used in practice in detail.
We provide a practice bulletin board based on PHP-MYSQL, PHP-MSSQL, and PHP-ORACLE, through which you can practice SQL injection for various DBMS.
Each technical element for completing SQL Injection attack techniques does not end in theory.
We will conduct hands-on training for each DBMS.
We'll take a closer look at the response measures for each function and conduct hands-on practice applying secure coding to vulnerable bulletin boards.
※ How to use Burp Suite is not covered in this training. You can refer to the basic usage method in the training " Stories about Web Hacking and Simulated Hacking in the Field ".
Q. I want to take the course, but is there anything I need to know beforehand?
A. Basically, you must know and listen to the basics of web and SQL grammar , and it is also recommended to take additional web hacking training.
Q. If I complete the training, can I get a practical diagnosis?
A. Of course! However, simply receiving training isn't enough. To achieve satisfactory results, you need to study and practice on your own. To achieve anything, you need to put in the effort.
Q. Why is the training time so much longer than that of other mock hacking training programs for SQL injection?
A. This training is specialized and covers only SQL injection, so it's bound to be long. Of course, the approach will also be completely different. While existing attack approaches are separate and distinct, this training connects them into a single, unified framework. You'll also discover why you need to carry out this type of attack.
Q. Can non-majors and students also take the course?
A. Of course! However, you must complete the required viewing lectures below and fully understand them before taking this course.
※ This training PPT uses Nanum font provided by Naver.
Who is this course right for?
For those who want to learn SQL Injection properly
For practitioners who have difficulty finding SQL Injection vulnerabilities when diagnosing websites
For practitioners who only perform vulnerability diagnosis
People who can't attack without SQL Injection automation tool
For those who want to gather their knowledge about SQL Injection in one place.
If you want to know exactly what attack to do in what environment
For those who want to know the exact attack process
If you fail to provide the correct response plan
Need to know before starting?
Web Basics
Buff Suite Basic Usage
Web Hacking Basics
SQL Basic Grammar
25,880
Learners
1,361
Reviews
497
Answers
4.9
Rating
18
Courses
:: 국내 정보보안 솔루션 개발 기업 재직 ::
- 앱 위변조 방지 솔루션 : 미들웨어 담당 / 해킹 대회 운영진 / 국내 유명 해킹/방어 훈련장 제작
:: 국내 정보보안 전문 업체 재직 ::
- 블랙박스 모의해킹 / 시나리오 기반 모의해킹 / 웹 취약점 진단 / 모바일 취약점 진단 / 소스코드 취약점 진단 / APT 모의 훈련 / DDoS 모의훈련 / 인프라 진단 / 스마트 가전 진단
- 국내 대기업, 중소기업 다수 진단
:: 외부 교육 및 활동 ::
- 멀티캠퍼스, 국가 보안 기술 연구소(ETRI)
- 국내 정보보안 업체 : 재직자 대상 "웹 모의해킹 심화 교육" 진행중
- 해커팩토리 문제 제작
:: 취약점 발견 ::
1) Web Application Server 취약점
- TMAX JEUS : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)
- IBM WebSphere(CVE-2020-4163) : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)
2) CMS(Contents Management System) 취약점
- 네이버 스마트에디터 : 파일 업로드 취약점
- 그누보드 : SQL Injection , 파일 업로드 취약점(그누보드4, 그누보드5), XSS ...
- 킴스큐 : 파리미터 변조 취약점 , 파일 업로드 취약점
* 이메일 : crehacktive3@naver.com
* 블로그 : http://www.crehacktive.co.kr
All
123 lectures ∙ (24hr 31min)
Course Materials:
All
105 reviews
4.8
105 reviews
Reviews 4
∙
Average Rating 5.0
Edited
5
I'm currently working at an information security company, so I wanted to take related training, and I applied for and attended this course. I am extremely satisfied as a result. The instructor's expertise is evident throughout the lecture. The more I listened to the lecture, the more ashamed I felt about only performing superficial diagnostics until now. I didn't know what kind of attacks to perform in what environment, but through this training, I was able to clearly understand what kind of attacks to perform depending on the environment. Also, the attack process that the instructor seems to have created personally will be really helpful in practical diagnostics. There are many times when I have to perform an attack... but I just stare blankly at the parameters and don't know what to do, but if I refer to this, I think I can smoothly perform the diagnostics sequentially. Oh, and that roadmap is amazing, I printed it out. I've only watched it once, but I'm going to watch it two more times as the instructor said. Thank you, instructor.
Thank you so much for the long review! I'm so glad it was helpful. Thank you for your valuable review. Have a nice day~
Reviews 14
∙
Average Rating 4.5
5
I felt like I gained thorough knowledge because you explained each principle one by one. It was really good that I could immediately think of what to do first if I were to diagnose while organizing the process in my head. Since I am not a white hacker, I am currently creating an environment to practice using Django and Spring after listening to it twice more, and while developing, the process came to mind and I wanted to use filtering logic. Haha. Anyway, it was a great help and I am very happy! I want to watch the next lectures, Part 2, 3, and 4 soon! [Total 3 times + @ Added after class] After taking the first class, I started my career as a security consultant, and I was able to find SQLi vulnerabilities in almost every project with what I heard in CriHackTive's lecture. And most of all, when I saw consultants with n years of experience not understanding payload and asking me questions, I realized that CriHackTive's lecture had tremendous depth. Through repeated learning, I was able to use WAF bypass and efficient data retrieval in my practice. Thank you again.
I'm so happy that the process came to mind. Thank you so much for writing a great review! I get strength from your valuable review. Thank you so much. I will make the next lectures well and open them. Please show a lot of interest and support.^^ Have a nice weekend~
Reviews 1
∙
Average Rating 5.0
Reviews 15
∙
Average Rating 5.0
Reviews 8
∙
Average Rating 4.9
$127.60
Check out other courses by the instructor!
Explore other courses in the same field!
![File Upload Vulnerability Advanced Attack Techniques PART2 [Integrated Edition]Course Thumbnail](https://cdn.inflearn.com/public/courses/333012/cover/12bd40e1-1e17-493a-81b9-64ac5fed558e/333012.png?f=avif&w=420)
