SQL injection vulnerabilities are among the most dangerous issues that can affect a web application. In this section, you will learn what SQL injection is, how it works, and the difference between SQLi and blind SQLi.
- [Instructor] Hi, and welcome to section six. In this section we're going to learn about one of the most dangerous vulnerabilities that can affect web applications, SQL injection. In the previous section we learned about the different authentication methods, and we created a password brute forcing tool. In this section we're going to start by learning what is SQL injection and how it works. Then we are going to learn how to detect a SQL injection, and automate it with Python.
Then we're going to see how we can exploit the detected vulnerability and automate the actions we want to perform. Finally, we're going to learn how to detect blind SQL injection. Now we move on to the first video of this section that introduces what is SQL injection vulnerability. We're going to start explaining what is SQL injection vulnerability, explain how it works, and then we're going to learn about the differences between SQL injection and blind SQL injection.
What is SQL injection? It is a type of input manipulation vulnerability.
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next, he shows how to interact with web applications using Python, HTTP, and the Requests library. He then follows the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests