SQL Injection is a major attack, which is why it is at number one in the OWASP (Open Web Application Security Project) Top 10 attack list. It has four major types: Blind SQL Injection, Error Based SQL Injection, Boolean Based Blind SQL Injection and Time Based SQL Injection. If hackers successfully find a SQL Injection vulnerability in a web application, they can gain access to the whole database. Security researchers are working to find advanced mitigation techniques to completely get rid of this cyber threat, but hackers are so smart.
In this 7-day training program, we will learn how to find SQL vulnerabilities in web applications and which security techniques we can use to protect our web application and database from hackers.
SQL is a widely used language for communicating with databases. A small mistake can allow hackers to make changes in the database. If you want to defeat hackers, think from the hacker's point of view. CDI has organized this 7-day training program to make security geeks aware of the latest and advanced security techniques.
1. Attendees will learn about the SQL Injection Attack. They will learn how attackers exploit SQL vulnerabilities in web applications.
2. Candidates will learn about the impacts of SQL Injection on the web application and database.
3. Which security methods should web app developers use to block all the ways for hackers?
4. Attendees will do live practicals on Blind SQL Injection, Error Based SQL Injection, Boolean Based SQL Injection and Time Based SQL Injection. A live practical can teach you difficult things in an easy way.
1. How to find Blind SQL Injection vulnerabilities and how to exploit them.
2. How Error Based SQL Injection works and which queries you can use to manipulate the database manually.
3. Boolean Based Blind SQL Injection and Time Based SQL Injection.
4. How to make a web application secure from this major attack, which WAFs (Web Application Firewalls) you can use and how to set appropriate security rules.
5. How Linux can be helpful for finding SQL vulnerabilities in a web application.
1. Attendees should be familiar with Structured Query Language. At least the basics should be clear.
2. Candidates should know about data management. They should know how a database stores information.
3. Attendees should be familiar with the Linux and Windows operating systems.
4. The basics of mathematical logic and limits should be clear to candidates. This will be helpful for learning and understanding Blind SQL Injection and Boolean Based Blind SQL Injection queries.
1. We will spend the first day on the basics of the SQL Injection Attack. We will discuss how many types of SQL Injection there are and how each type differs from the others.
2. On the second day of training, we will discuss the bad impacts of the SQL Injection Attack. We will learn which types of problems a SQL Injection Attack can cause for a web application.
3. After understanding the basics of SQL Injection, we will read about Blind SQL Injection on the third day of training. We will do a live practical (manually) to understand it in a better way.
4. On the fourth day of training, we will do a practical (manually) to find Error Based SQL Injection vulnerabilities in a web application.
5. Boolean Based Blind is also a major type of SQL Injection Attack. On the fifth day, we will read about it.
6. After reading about Blind, Error Based and Boolean Based Blind SQL Injection attacks, we will read about Time Based SQL Injection on day six. After finishing all the manual practicals, we will then use some tools. Remember one thing: the use of tools can save you time, but self-knowledge makes you a pro.
7. On the seventh day of training, we will learn the defenses against the SQL Injection Attack.