Certified Ethical Hacker, Part 6 of 8: Web Apps and SQL Injection

with expert Rafiq Wayani

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/17/2016
Level Intermediate
Runtime 1h 43m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included

Course description

In the ongoing war between white hat and black hat hackers, web applications are a longstanding yet continually evolving battleground. Rafiq Wayani examines the new weaponry both sides are bringing to the fight and takes a thorough look at one of the most widely used attack vectors, SQL injection. This course is part of a series covering EC-Council's Certified Ethical Hacker (CEH).

Prerequisites

To get the most out of this course, you should have a good working knowledge of Linux- and Windows-based networking environments. The course also assumes that you have experience managing a network, have worked with networking hardware such as switches and routers, are familiar with Microsoft Active Directory (AD) domain-based authentication, know how to work with command-line utilities, and understand the basics of web server environments. Many of the demonstrations in this course use the Windows 7 and Kali Linux operating systems, both of which can be downloaded free from their respective sites. All of the demonstrations are created in a virtual environment using Oracle VirtualBox and VMware vSphere 6.

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Ethical Hacker
312-50: Certified Ethical Hacker

Meet the expert

Rafiq Wayani has extensive experience, including more than 20 years in IT as a Systems Architect, Software Engineer, DBA, and Project Manager. Wayani has instructed in a variety of technical areas, has designed and implemented network and information systems, and is certified across a wide range of platforms and systems, including Microsoft Solutions Developer, Systems Engineer, Application Developer, Database Administrator, and Trainer; Novell NetWare Administrator and Engineer; Master Certified NetWare Engineer; and A+ Certified.

Course outline

Web Application Hacking

Web Application Concepts (05:06)
  • Introduction (00:17)
  • Most Exposed & Least Protected (02:02)
  • Exposure & Protection Cont. (02:33)
  • Summary (00:12)
Web Application Threats (12:27)
  • Introduction (00:18)
  • Web Application Threats (00:42)
  • Application Replays Script (01:34)
  • Email Vector (00:57)
  • Decoded Attack Sequence (01:19)
  • Verbose and Blind (01:19)
  • SQL Injection (00:42)
  • Database Driven Page (00:33)
  • Piggybacking with UNION (01:07)
  • Enumerate All Tables (00:48)
  • Subquery Enumerates Columns (01:55)
  • Select Data from the Column (00:57)
  • Summary (00:12)
Web App Hacking Methodology (10:25)
  • Introduction (00:17)
  • Web App Hacking Methodology (03:21)
  • Demo: Netsparker (00:53)
  • Web App Hacking Methodology (05:39)
  • Summary (00:13)
Web Application Hacking Tools (06:09)
  • Introduction (00:15)
  • Web Application Hacking Tools (03:50)
  • More Hacking Tools (01:47)
  • Summary (00:16)
Web App Countermeasures (07:33)
  • Introduction (00:25)
  • Countermeasures (03:47)
  • How to Protect Yourself (03:12)
  • Summary (00:08)
Web App Security Tools (12:06)
  • Introduction (00:31)
  • Demo: Kali, Nmap, & Nessus (04:30)
  • Demo: Openwall, p0f, & Wireshark (02:45)
  • Demo: Netcraft, Yersinia, & PuTTY (01:53)
  • Demo: Cain & Abel and Kismet (00:43)
  • Demo: hping and Secapps (01:19)
  • Summary (00:21)
Web Application Pen Testing (11:36)
  • Introduction (00:20)
  • Demo: Veracode (02:21)
  • Demo: Shodan and Arachni (00:46)
  • Demo: Aircrack-ng, AppScan, & Nikto (01:14)
  • Demo: WebScarab, Paterva, & Ironwasp (01:29)
  • Demo: Metasploit & Wireshark (00:17)
  • Demo: w3af, Impact Pro, and Kali (00:51)
  • Demo: Netsparker, Nessus & Portswigger (01:30)
  • Demo: Zed Attack & Acunetix (00:25)
  • Demo: BeyondTrust, SQLNinja, & BeEF (01:07)
  • Demo: Dradis & Ettercap (00:49)
  • Summary (00:23)

SQL Injection

SQL Injection Concepts (08:07)
  • Introduction (00:22)
  • SQL Injection (SQLi) (03:08)
  • How Does SQLi Work? (04:18)
  • Summary (00:17)
SQL Injection Types (08:24)
  • Introduction (00:18)
  • Types of SQLi (05:17)
  • How Does SQLi Work? (02:40)
  • Summary (00:08)
SQLi Attack Methodology (05:54)
  • Introduction (00:18)
  • Application Security Risks (03:13)
  • OWASP Top 10 (02:04)
  • Summary (00:18)
SQLi Tools (04:58)
  • Introduction (00:20)
  • SQLi Tools (01:01)
  • Demo: sqlmap (01:56)
  • Demo: SQL Ninja (00:39)
  • Demo: safe3 (00:46)
  • Summary (00:13)
SQLi Evasion Techniques (05:15)
  • Introduction (00:16)
  • SQLi Evasion Techniques (02:03)
  • SQLi Evasion Techniques Cont. (02:40)
  • Summary (00:14)
SQLi Countermeasures (05:46)
  • Introduction (00:18)
  • SQLi Countermeasures (04:16)
  • Demo: Web Application Firewall (00:50)
  • SQLi Countermeasures (00:12)
  • Summary (00:08)