SQL Injection, the flower of web hacking, explained by a mock hacking practitioner! Learn attack and defense at the same time.
Building a basic understanding of vulnerabilities
Understand why vulnerabilities occur and the detailed principles
Identifying various attack points that occur in practice
Learn the attacks used in practice
Apply direct countermeasures to vulnerable functions and learn secure coding
A popular figure in the web hacking world! The fact that so many people are aware of the attack means its impact is significant, right?
Most web applications today feature dynamic page generation based on user input. In this environment, attackers face a growing number of attack targets, necessitating effective analysis methods and adaptive attack techniques tailored to each situation. Conversely, defenders often implement inline security solutions or secure coding for effective defense. Understanding attacks is crucial for effective defense, right?
For effective vulnerability analysis, you'll learn how to analyze various attack points using specific methodologies. You'll also learn the appropriate attack techniques and the specific environments in which they should be used. This course covers each attack technique used in practice in detail.
We provide a practice bulletin board based on PHP-MYSQL, PHP-MSSQL, and PHP-ORACLE, through which you can practice SQL injection for various DBMS.
Each technical element for completing SQL Injection attack techniques does not end in theory.
We will conduct hands-on training for each DBMS.
We'll take a closer look at the response measures for each function and conduct hands-on practice applying secure coding to vulnerable bulletin boards.
※ How to use Burp Suite is not covered in this training. You can refer to the basic usage method in the training " Stories about Web Hacking and Simulated Hacking in the Field ".
Q. I want to take the course, but is there anything I need to know beforehand?
A. Basically, you must know and listen to the basics of web and SQL grammar , and it is also recommended to take additional web hacking training.
Q. If I complete the training, can I get a practical diagnosis?
A. Of course! However, simply receiving training isn't enough. To achieve satisfactory results, you need to study and practice on your own. To achieve anything, you need to put in the effort.
Q. Why is the training time so much longer than that of other mock hacking training programs for SQL injection?
A. This training is specialized and covers only SQL injection, so it's bound to be long. Of course, the approach will also be completely different. While existing attack approaches are separate and distinct, this training connects them into a single, unified framework. You'll also discover why you need to carry out this type of attack.
Q. Can non-majors and students also take the course?
A. Of course! However, you must complete the required viewing lectures below and fully understand them before taking this course.
※ This training PPT uses Nanum font provided by Naver.
Who is this course right for?
For those who want to learn SQL Injection properly
For practitioners who have difficulty finding SQL Injection vulnerabilities when diagnosing websites
For practitioners who only perform vulnerability diagnosis
People who can't attack without SQL Injection automation tool
For those who want to gather their knowledge about SQL Injection in one place.
If you want to know exactly what attack to do in what environment
For those who want to know the exact attack process
If you fail to provide the correct response plan
Need to know before starting?
Web Basics
Buff Suite Basic Usage
Web Hacking Basics
SQL Basic Grammar
26,166
Learners
1,387
Reviews
502
Answers
4.9
Rating
18
Courses
안녕하세요, 크리핵티브입니다.
다년간 다양한 웹 서비스를 진단하고 연구한 경험을 바탕으로, 실무에 바로 적용 가능한 지식을 인프런 플랫폼에서 공유해오고 있습니다.
그리고 웹 해킹 기초를 체계적으로 다룬 『크리핵티브의 한 권으로 끝내는 웹 해킹 바이블』을 집필했습니다. 기초가 부족한 분들께는 이 책으로 학습을 시작하실 것을 권합니다.
『크리핵티브의 한 권으로 끝내는 웹 해킹 바이블』 저자
이메일 : crehacktive3@naver.com
All
123 lectures ∙ (24hr 31min)
Course Materials:
All
108 reviews
4.8
108 reviews
Reviews 4
∙
Average Rating 5.0
Edited
5
I'm currently working at an information security company, so I wanted to take related training, and I applied for and attended this course. I am extremely satisfied as a result. The instructor's expertise is evident throughout the lecture. The more I listened to the lecture, the more ashamed I felt about only performing superficial diagnostics until now. I didn't know what kind of attacks to perform in what environment, but through this training, I was able to clearly understand what kind of attacks to perform depending on the environment. Also, the attack process that the instructor seems to have created personally will be really helpful in practical diagnostics. There are many times when I have to perform an attack... but I just stare blankly at the parameters and don't know what to do, but if I refer to this, I think I can smoothly perform the diagnostics sequentially. Oh, and that roadmap is amazing, I printed it out. I've only watched it once, but I'm going to watch it two more times as the instructor said. Thank you, instructor.
Thank you so much for the long review! I'm so glad it was helpful. Thank you for your valuable review. Have a nice day~
Reviews 14
∙
Average Rating 4.5
5
I felt like I gained thorough knowledge because you explained each principle one by one. It was really good that I could immediately think of what to do first if I were to diagnose while organizing the process in my head. Since I am not a white hacker, I am currently creating an environment to practice using Django and Spring after listening to it twice more, and while developing, the process came to mind and I wanted to use filtering logic. Haha. Anyway, it was a great help and I am very happy! I want to watch the next lectures, Part 2, 3, and 4 soon! [Total 3 times + @ Added after class] After taking the first class, I started my career as a security consultant, and I was able to find SQLi vulnerabilities in almost every project with what I heard in CriHackTive's lecture. And most of all, when I saw consultants with n years of experience not understanding payload and asking me questions, I realized that CriHackTive's lecture had tremendous depth. Through repeated learning, I was able to use WAF bypass and efficient data retrieval in my practice. Thank you again.
I'm so happy that the process came to mind. Thank you so much for writing a great review! I get strength from your valuable review. Thank you so much. I will make the next lectures well and open them. Please show a lot of interest and support.^^ Have a nice weekend~
Reviews 1
∙
Average Rating 5.0
Reviews 15
∙
Average Rating 5.0
Reviews 8
∙
Average Rating 4.9
$127.60
Check out other courses by the instructor!
Explore other courses in the same field!
![File Upload Vulnerability Advanced Attack Techniques PART2 [Integrated Edition]강의 썸네일](https://cdn.inflearn.com/public/courses/333012/cover/12bd40e1-1e17-493a-81b9-64ac5fed558e/333012.png?f=avif&w=420)
