Lisa Bock covers three common vulnerabilities, or security flaws in a system: SQL (Structured Query Language) Injection, Broken Authentication and Session Management, and Cross-site scripting. Learn ways to safeguard your system, including performing ‘white list’ input validation and using Content Security Policy.
- [Voiceover] In taking a look at the top vulnerabilities, there are three that seem to remain at the top of the list. Those are SQL injection, broken authentication and session management, and cross-site scripting. SQL injection was and still is high in the list. SQL stands for Structured Query Language. It is used in relational databases including MySQL, Oracle, PostgreSQL, Microsoft SQL Server and Microsoft Access.
Here is a line from SQL where it says SELECT CustomerName FROM Customers. So we'd be pulling a customer name from the table Customers. However, with SQL injection, this is where an attacker spoofs the data-driven application by injecting a string value that is not typical into a form field. It's done because we want to expose the database contents. Many applications are still susceptible and the results can be devastating, as the entire database can be read and even modified.
Improper input validation is the vulnerability. Yet input validation can easily be done. What is input validation? Well, it's a technique we use to defend a web application.
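The contrast the transcript draws, shown as an added example that is not part of the course: a lookup against the Customers table built by string concatenation beside one that uses white-list input validation plus a parameterized query. The table rows, the `CustomerName` regex and the function names are assumptions for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the Customers table in the transcript."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Customers (CustomerID INTEGER PRIMARY KEY, CustomerName TEXT)"
    )
    conn.executemany(
        "INSERT INTO Customers (CustomerName) VALUES (?)",
        [("Alfreds Futterkiste",), ("O'Brien Trading",), ("Ana Trujillo",)],
    )
    return conn


# White-list validation: accept only characters a customer name can plausibly
# contain (assumed rule for this example), and reject everything else up front.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")


def is_valid_name(name):
    return NAME_RE.fullmatch(name) is not None


def find_customer_vulnerable(conn, name):
    # Defective pattern: user input is pasted into the SQL text, so any quote
    # in the input changes the statement itself. Kept only for contrast.
    sql = "SELECT CustomerName FROM Customers WHERE CustomerName = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_customer_safe(conn, name):
    if not is_valid_name(name):
        raise ValueError("rejected by white-list input validation")
    # Parameterized query: the value travels separately from the SQL text,
    # so the database never parses it as part of the statement.
    sql = "SELECT CustomerName FROM Customers WHERE CustomerName = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both lookups on a legitimate name that happens to contain a quote."""
    conn = make_db()
    safe = find_customer_safe(conn, "O'Brien Trading")
    try:
        find_customer_vulnerable(conn, "O'Brien Trading")
        vulnerable_error = None
    except sqlite3.OperationalError as exc:  # the quote broke the statement
        vulnerable_error = str(exc)
    return {
        "safe": safe,
        "vulnerable_error": vulnerable_error,
        "whitelist_rejects": not is_valid_name("Name; extra"),
    }
```

The concatenated version already fails on an ordinary name with an apostrophe, which is the same mechanism an injected string relies on; the parameterized version returns the row and the white list turns away input outside the expected character set before any query runs.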
Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping-off point for the next courses in this series.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. Find more courses in the series on Lisa's author page.
- Ethical hacking principles
- Managing incidents
- Creating security policies
- Protecting data
- Conducting penetration testing
- Hacking in phases