SQL Injection Attack Techniques and Secure Coding Explained by a Simulated Hacking Practitioner: PART 1

SQL Injection, the flower of web hacking, explained by a mock hacking practitioner! Learn attack and defense at the same time.

(4.8) 115 reviews

1,199 learners

Level Basic

Course period Unlimited

  • crehacktive
Penetration Testing
Injection

Reviews from Early Learners


4.8

5.0

고광우

100% enrolled

Today, I finally finished the first session. There are still materials to organize and review, but... First of all, my evaluation of this lecture was that it was really worth the money. I previously attended a security-related IT academy in Jongno 3-ga, and I learned web hacking for nearly 1 million won five years ago, but I only learned knowledge that was almost useless in practice. I wasted time and money. Then, I happened to listen to the instructor's SQLi lecture, and it was a systematic and technical lecture that I could not learn anywhere else, starting from metadata, to the preparation process for SQLi (checking for errors -> checking for vulnerabilities -> completing conditional statements), selecting SQLi attack methods based on the presence of web pages and conditions (Error based SQL Injection, Union Based Injection, Blind SQL Injection). I think it was a great fortune in my life to meet the instructor through the platform called Inflearn. I will review Part 1 and organize the materials while also taking Part 2 lectures. Thank you very much.

5.0

이준호

100% enrolled

I'm writing a review now because I've been so busy since I got a job. There's no need to say anything. I strongly recommend that those studying for mock hacking and those in the field take Crehacktive's lectures. They're solid, from the concepts to the practical exercises and practical tips. I've taken many lectures, but none of them have really hit home like this. Some of you may think the lecture fee is a bit high (Is it right to pay for something I learned when I was a broke job seeker? It's all there on the internet, right?) After taking the lecture, the concepts were firmly ingrained in my head. Wow, I can say for sure that you won't regret it. I highly recommend it. I had fun studying and felt like I was growing while taking the lectures. I was also successful in getting a job. I look at the lecture summary even while working. It was really helpful. Maybe because we have the same regional dialect, I felt so close and enjoyed the lectures. I always look forward to Crehacktive's new lectures. Thank you always :)


What you will gain after the course

  • Building a basic understanding of vulnerabilities

  • Understand why vulnerabilities occur and the detailed principles

  • Identifying various attack points that occur in practice

  • Learn the attacks used in practice

  • Apply direct countermeasures to vulnerable functions and learn secure coding

📖 A series of SQL Injection attacks, taught by a simulated hacking expert!

  • PART (1): Basics / Practical Attacks / Secure Coding (Current Course)
    This course covers the most crucial aspects of SQL injection attacks, from the basics to practical attack techniques, various countermeasures, and secure coding. This course serves as a foundation for subsequent courses.

  • PART(2): Application / Advanced / Advanced
    This is training on applied attack techniques and advanced attack techniques not covered in PART(1).

  • PART(3): Creating an Automation Tool
    This course teaches you how to build a Python-based automation tool that applies the attack techniques you have learned.

📖 Why should you learn SQL Injection?

One of the best-known attacks in the web hacking world! The fact that so many people are aware of the attack means its impact is significant, right?

Most web applications today feature dynamic page generation based on user input. In this environment, attackers face a growing number of attack targets, necessitating effective analysis methods and adaptive attack techniques tailored to each situation. Conversely, defenders often implement inline security solutions or secure coding for effective defense. Understanding attacks is crucial for effective defense, right?

📖 Attack techniques that can be applied immediately in practice!

For effective vulnerability analysis, you'll learn how to analyze various attack points using specific methodologies. You'll also learn the appropriate attack techniques and the specific environments in which they should be used. This course covers each attack technique used in practice in detail.

📖 Provides a PHP-based practice bulletin board for each DBMS!

We provide a practice bulletin board based on PHP-MYSQL, PHP-MSSQL, and PHP-ORACLE, through which you can practice SQL injection for various DBMS.

📖 Learn SQL Injection attack techniques and secure coding by following along!

The technical elements that make up each SQL Injection attack technique are not left as theory.
We will conduct hands-on training on them for each DBMS.

We'll take a closer look at the response measures for each function and conduct hands-on practice applying secure coding to vulnerable bulletin boards.

📖 Expected effects through education

  • If you're just starting to learn about SQL Injection, this course will serve as a guide to point you in the right direction.
  • If you already know about SQL Injection, you will experience the magic of connecting your scattered knowledge, and if you are lost, we will point you in the right direction.

🛠 Programs covered here

  • Burp Suite
  • APMSetup / MSSQL / ORACLE
  • QueryBox

※ How to use Burp Suite is not covered in this training. You can refer to the basic usage method in the training "Stories about Web Hacking and Simulated Hacking in the Field".

🙋🏻‍♂️ Q&A

Q. I want to take the course, but is there anything I need to know beforehand?
A. You must know the basics of the web and SQL syntax before taking the course, and additional web hacking training is also recommended.

Q. If I complete the training, will I be able to perform vulnerability diagnosis in practice?
A. Of course! However, simply receiving training isn't enough. To achieve satisfactory results, you need to study and practice on your own. To achieve anything, you need to put in the effort.

Q. Why is the training time so much longer than that of other mock hacking training programs for SQL injection?
A. This training is specialized and covers only SQL injection, so it's bound to be long. Of course, the approach will also be completely different. While existing attack approaches are separate and distinct, this training connects them into a single, unified framework. You'll also discover why you need to carry out this type of attack.

Q. Can non-majors and students also take the course?
A. Of course! However, you must complete the required viewing lectures below and fully understand them before taking this course.

💡 Must-see lectures

Web Technology Fundamentals You Must Know
A course to learn the basics of web technology
Basic SQL Grammar for Successful SQL Injection Attacks
Basic Steps to Mastering SQL Injection Attacks

※ This training PPT uses Nanum font provided by Naver.


Who is this course right for?

  • For those who want to learn SQL Injection properly

  • For practitioners who have difficulty finding SQL Injection vulnerabilities when diagnosing websites

  • For practitioners who only perform vulnerability diagnosis

  • For those who can't carry out an attack without an SQL Injection automation tool

  • For those who want to gather their knowledge about SQL Injection in one place.

  • If you want to know exactly what attack to do in what environment

  • For those who want to know the exact attack process

  • For those who have been unable to provide a correct response plan

Need to know before starting?

  • Web Basics

  • Burp Suite Basic Usage

  • Web Hacking Basics

  • SQL Basic Grammar


26,931

Learners

1,484

Reviews

508

Answers

4.9

Rating

18

Courses

Hello, this is Crehacktive.

Based on my years of experience diagnosing and researching various web services, I have been sharing practical, job-ready knowledge through the Inflearn platform.

I also authored Crehacktive's All-in-One Web Hacking Bible, which systematically covers the basics of web hacking. For those who lack foundational knowledge, I recommend starting your studies with this book.

Curriculum


123 lectures ∙ (24hr 31min)


Reviews


115 reviews

4.8


  • hackgenius226849

    Reviews 4

    Average Rating 5.0

    Edited

    5

    80% enrolled

    I'm currently working at an information security company, so I wanted to take related training, and I applied for and attended this course. I am extremely satisfied as a result. The instructor's expertise is evident throughout the lecture. The more I listened to the lecture, the more ashamed I felt about only performing superficial diagnostics until now. I didn't know what kind of attacks to perform in what environment, but through this training, I was able to clearly understand what kind of attacks to perform depending on the environment. Also, the attack process that the instructor seems to have created personally will be really helpful in practical diagnostics. There are many times when I have to perform an attack... but I just stare blankly at the parameters and don't know what to do, but if I refer to this, I think I can smoothly perform the diagnostics sequentially. Oh, and that roadmap is amazing, I printed it out. I've only watched it once, but I'm going to watch it two more times as the instructor said. Thank you, instructor.

    • crehacktive
      Instructor

      Thank you so much for the long review! I'm so glad it was helpful. Thank you for your valuable review. Have a nice day~

  • webwh

    Reviews 15

    Average Rating 4.3

    5

    94% enrolled

    I felt like I gained thorough knowledge because you explained each principle one by one. It was really good that I could immediately think of what to do first if I were to diagnose while organizing the process in my head. Since I am not a white hacker, I am currently creating an environment to practice using Django and Spring after listening to it twice more, and while developing, the process came to mind and I wanted to use filtering logic. Haha. Anyway, it was a great help and I am very happy! I want to watch the next lectures, Part 2, 3, and 4 soon! [Total 3 times + @ Added after class] After taking the first class, I started my career as a security consultant, and I was able to find SQLi vulnerabilities in almost every project with what I heard in Crehacktive's lecture. And most of all, when I saw consultants with n years of experience not understanding payload and asking me questions, I realized that Crehacktive's lecture had tremendous depth. Through repeated learning, I was able to use WAF bypass and efficient data retrieval in my practice. Thank you again.

    • crehacktive
      Instructor

      I'm so happy that the process came to mind. Thank you so much for writing a great review! I get strength from your valuable review. Thank you so much. I will make the next lectures well and open them. Please show a lot of interest and support.^^ Have a nice weekend~

  • springsik

    Reviews 1

    Average Rating 5.0

    5

    100% enrolled

    I am a practitioner. It was a solid lecture from theory to practice. I won't say which training it was, but when I took other trainings, I felt like it was lacking overall, but it feels like it was filled up. Thank you for the great lecture.

  • hyeonseok985238

    Reviews 15

    Average Rating 5.0

    5

    99% enrolled

    I don't think there is a better lecture than this. It's the best lecture.

  • bryan

    Reviews 8

    Average Rating 4.9

    5

    99% enrolled

    In the middle of the lecture, the content that said, "Think about the server-side DB query information while writing" really hit home. It's a good lecture~.

$127.60
