As mentioned previously, I’m doing an online training course – Web Application Penetration Testing – from ELearnSecurity.

Module 5 – SQL Injection

Module 5 covers SQL Injection, where malicious SQL queries can be used to access the database and data that are used to run a web application. Depending on the database used, these attacks can even lead to hacker being able to read the file system, running OS commands, installing shells etc.

It covers the following:

  • Definition of SQL Injection
  • Dangers of SQL Injection
  • How SQL Injection Works
  • Finding SQL Injections
  • Blind SQL Injection
  • In-band / Union SQL Injection
  • Exploiting SQL Injection
  • Error-based SQL Injection
  • Tools used