About the course:
Learn to use one of the most popular tools to find SQLinjection vulnerabilities: sqlmap.
In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database.
sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database.
This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQLinjection attacks and complement manual exploration.
-----------------------
Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications by providing a safe learning environment.
-----------------------
Instructor
My name is Christophe Limpalair, and Ihave helped thousands of individuals pass ITcertifications, learn how to use the cloud, and develop secure applications. I got started in ITat the age of 11 and unintentionally fell into the world of cybersecurity. Fast-forward to today, and I've co-founded a fast-growing cybersecurity community, Cybr, that also provides training resources.
As Ideveloped a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently, and how to develop more secure applications.
I've taught certification courses such as the AWSCertified Developer, AWSCertified SysOps Administrator, and AWSCertified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), SQLInjection Attacks, Introduction to OSCommand Injections, Lambda Deep Dive, Backup Strategies, and others.
Working with individual contributors as well as managers, Irealized that most were also facing serious challenges when it came to cybersecurity.
Digging deeper, it became clear that there was a lack of training for AppSec specifically. As we explore in the course, SQLinjection vulnerabilities can be absolutely devastating when exploited, but preventing SQLinjections is actually quite simple. So my goal with this course is to help you get started on your journey of learning the tools, techniques, and concepts to properly find injection vulnerabilities in your own applications (or your client's).
It's time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we'll do just that!
Iwelcome you on your journey to learning more about sqlmap, and I look forward to being your instructor!
