Certified Ethical Hacker, Part 6 of 8: Web Apps and SQL Injection
Interactive

Certified Ethical Hacker, Part 6 of 8: Web Apps and SQL Injection

LearnNow Online
Updated Aug 21, 2018

Course description

In the ongoing war between white hat and black hat hackers, web applications are a longstanding yet continually evolving battleground. Rafiq Wayani examines the new weaponry both sides are bringing to the fight and takes a thorough look at one of the most widely used attack vectors, SQL injection. This course is part of a series covering EC-Council's Certified Ethical Hacker (CEH).

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

To get the most out of this course, this course assumes that you have a good working knowledge of Linux and Windows based networking environments. It also assumes that you have experience with managing a network, have worked with networking hardware such as switches & routers, are familiar with MS Active Directory (AD) Domain based authentication, know how to work with command-line utilities, and understand the basics of Web Server environments. Many of the demonstrations in this course use the Windows 7 and Kali Linux operating systems which can be downloaded free from the respective sites. All of the demonstrations are created in a virtual environment using Oracle VirtualBox and VMware vSphere 6.


Meet the expert

Rafiq Wayani

Rafiq Wayani has extensive experience including more than 20 years in IT as Systems Architect, Software Engineer, DBA, and Project Manager. Wayani has instructed in a variety of technical areas, has designed and implemented network and information systems, and is certified across a wide range of platforms and systems including Microsoft Solutions Developer, Systems Engineer, Application Developer, Database Administrator, Trainer; Novell Netware Administrator and Engineer; Master Certified Netware Engineer; and A Certified.

Video Runtime

103 Minutes

Time to complete

143 Minutes

Course Outline

Web Application Hacking

Web Application Concepts (05:06)

  • Introduction (00:17)
  • Most Exposed & Least Protected (02:02)
  • Exposure & Protection Cont. (02:33)
  • Summary (00:12)

Web Application Threats (12:27)

  • Introduction (00:18)
  • Web Application Threats (00:42)
  • Application Replays Script (01:34)
  • Email Vector (00:57)
  • Decoded Attack Sequence (01:19)
  • Verbose and Blind (01:19)
  • SQL Injection (00:42)
  • Database Driven Page (00:33)
  • Piggybacking with UNION (01:07)
  • Enumerate All Tables (00:48)
  • Subquery Enumerates Columns (01:55)
  • Select Data from the Column (00:57)
  • Summary (00:12)

Web App Hacking Methodology (10:25)

  • Introduction (00:17)
  • Web App Hacking Methodology (03:21)
  • Demo: Netsparker (00:53)
  • Web App Hacking Methodology (05:39)
  • Summary (00:13)

Web Application Hacking Tools (06:09)

  • Introduction (00:15)
  • Web Application Hacking Tools (03:50)
  • More Hacking Tools (01:47)
  • Summary (00:16)

Web App Countermeasures (07:33)

  • Introduction (00:25)
  • Countermeasures (03:47)
  • How to Protect Yourself (03:12)
  • Summary (00:08)

Web App Security Tools (12:06)

  • Introduction (00:31)
  • Demo: Kali, Nmap, & Nessus (04:30)
  • Demo: Openwall, pof, & WireShark (02:45)
  • Demo: Netcraft, Yersinia, & PuTTY (01:53)
  • Demo: Cain & Abel and Kismet (00:43)
  • Demo: hping and Secapps (01:19)
  • Summary (00:21)

Web Application Pen Testing (11:36)

  • Introduction (00:20)
  • Demo: Veracode (02:21)
  • Demo: Shodan and Arachni (00:46)
  • Demo: Aircrack-ng, AppScan, & Nikto (01:14)
  • Demo: WebScarab, Paterva, & Ironwasp (01:29)
  • Demo: Metasploit & WireShark (00:17)
  • Demo: w3af, Impact Pro, and Kali (00:51)
  • Demo: Netsparker, Nessus & Portswigger (01:30)
  • Demo: Zed Attack & Acunetix (00:25)
  • Demo: BeyondTrust, SQLNinja, & BeEF (01:07)
  • Demo: Dradis & Ettercap (00:49)
  • Summary (00:23)
SQL Injection

SQL Injection Concepts (08:07)

  • Introduction (00:22)
  • SQL Injection (SQLi) (03:08)
  • How Does SQLi Work? (04:18)
  • Summary (00:17)

SQL Injection Types (08:24)

  • Introduction (00:18)
  • Types of SQLi (05:17)
  • How Does SQLi Work? (02:40)
  • Summary (00:08)

SQLi Attack Methodology (05:54)

  • Introduction (00:18)
  • Application Security Risks (03:13)
  • OWASP Top 10 (02:04)
  • Summary (00:18)

SQLi Tools (04:58)

  • Introduction (00:20)
  • SQLi Tools (01:01)
  • Demo: sqlmap (01:56)
  • Demo: SQL Ninja (00:39)
  • Demo: safe3 (00:46)
  • Summary (00:13)

SQLi Evasion Techniques (05:15)

  • Introduction (00:16)
  • SQLi Evasion Techniques (02:03)
  • SQLi Evasion Techniques Cont. (02:40)
  • Summary (00:14)

SQLi Countermeasures (05:46)

  • Introduction (00:18)
  • SQLi Countermeasures (04:16)
  • Demo: Web Application Firewall (00:50)
  • SQLi Countermeasures (00:12)
  • Summary (00:08)