SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Injection attacks have been #1 on the Open Web Application Security Project (OWASP) Top Ten list for years. Even in 2020, SQL injection (SQLi) attacks are still finding their way into production applications and allow an attacker to wreak havoc.

The course is excellent for the beginner as it takes you from no knowledge of SQL to finding SQLi on your own and exploiting them. Even if you are an experienced pentester, this course will serve as a great reference when you run into a challenging SQLi. This course will walk you step-by-step on how to identify and attack in-band and inferential SQLi vulnerabilities, how to exfiltrate information from a database, how you can bypass web application firewalls (WAF) and filtering techniques used in an attempt to stop hackers. Finally, the course concludes by teaching you the 100% full proof method of securing source code from SQLi attacks.

In this course, you’ll learn everything you need to know about SQLi. I’ll teach you how to attack SQLi vulnerabilities, exfiltrate data from backend databases, bypass countermeasures, and I’ll show you how you can protect your applications from SQLi attacks.