SQL Injection | Complete Guide
In this video, we cover the theory behind SQL injection vulnerabilities, how to find these types of vulnerabilities from both a white box and black box perspective, how to exploit them and how to prevent them.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Web Security Academy Series Course: academy.ranakh...
Mastering SQL Injection - The Ultimate Hands-On Course: www.udemy.com/...
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00:00 - Introduction
00:02:03 - What is a SQL injection vulnerability?
00:33:44 - How to find SQL injection vulnerabilities?
00:46:49 - How to exploit SQL injection vulnerabilities?
01:00:27 - How to prevent SQL injection vulnerabilities?
01:10:23 - Resources
01:11:13 - Summary
01:11:37 - Thank You
▬ Links ▬▬▬▬▬▬▬▬▬▬
Video slides: github.com/rkh...
Introduction to the Web Security Academy Series video: • Introduction to the We...
Web Security Academy: portswigger.ne...
Web Application Hacker’s Handbook: Chapter 9 Attacking Data Stores
OWASP - SQL Injection: owasp.org/www-...
OWASP - SQL Prevention Cheat Sheet: cheatsheetseri...
PentestMonkey - SQL Injection: pentestmonkey.n...
Rana's Twitter account: / rana__khalil
Hacker Icon made by Freepik: www.freepik.com
Пікірлер: 323
Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
@bigbrain786
2 жыл бұрын
i don't have money to purchase .
@omarc900
2 жыл бұрын
@@bigbrain786 $29 save up.
@i_youtube_
2 жыл бұрын
Is buying the course is intended to support you or there is an additional content added in the paid course.
@SauravKumar-if4to
Жыл бұрын
I don't have money 🥺🥺 so i come here to see
Your video material is actually way better than the instructions provided in the academy itself. The guys at the academy would be crazy not to approach you to incorporate your material into their platform.
@RanaKhalil101
3 жыл бұрын
your comment made my day!
@eonraider4180
3 жыл бұрын
@@RanaKhalil101 That's great! I'm glad I found your write-ups too. It's just sheer competence right there. Keep up the good work.
@gg-ps1vz
3 жыл бұрын
@@eonraider4180 GG twitter.com/PortSwigger/status/1366714766895550469?s=19
@comosaycomosah
10 ай бұрын
This
Where have you been all my life? Please continue working on this. This is great!
@hilalkhan8446
2 ай бұрын
Yes........ and You comment ( My heart's words).
I am totally new to this world , but your video is good to understand. Thanks
Subhallah! This is what I spend so many months looking for, finally gotten it for free, Thanks alot for the resources.
Amazing work, I'm looking forward to the rest of this series!!
Your material answers all the questions I have when doing the lab's when I think of "what if..." and it really helps complete the whole picture. Will probably sign up soon when I have some time and money!
Thank you so much, amazing work. Actually it's the most up-to-date work, covering everything from a white/grey/black box perspective. Again, thank you! You are awesome :D
Very comprehensive and insightful. Never had anyone explain SQL injection in such a manner. Was very easy to follow through. Thank you. Great work! Awaiting more content.👍
This was extremely helpful! As someone who was a bit lost in the Web Security Academy this helped fill in the gaps so much. Thank you for this!
Mashaallah Sister, I'm proud that I learned from you😊❤
Your voice rhythm made me to watch The way you are teaching was really amazing
I always hate theory but your theory videos are so practical that you can't imagine. It's helping me a lot.
I've been studying for the GSEC for work, and it's really taken away time from all of my offensive security studying, but I'm finally sitting down for some free time to study and checking out your tutorials. They've all looked great from the handful I've watched while on in the background while working, but I'm looking forward to really digging in and using them to get ready for the Burpsuite Cert after my GSEC test in December. Thanks for all of the hard work!
@aaronwhite1786
5 ай бұрын
Ha! Saw my old comment here and figured I'd update. I got the GSEC checked out, and now I'm back learning all of this all over again since I'm studying for the GWAPT. Thanks again for all of the great videos!
This video is so important for beginner.Thanks a lot mam for your great initiative.please keep it continuous.
Your voice is so soothing. Loved your content. Subscribed
Your teaching methodolgy is really amazing. I have no previous tech experience a complete newbie with some basic knowledge and I completey understand what is being explained. Thank you so much for putting in so much of time and efforts and keep up the good work ma'm.
You know I have never wrote a single comment in KZread but your videos make me do it . Thank you so much for your video and please keep it up 👏
I am here after watching the Broken access vulnerability topic with David Bombal. The way of your teaching is outstanding and thanks for sharing such a valuable knowledge.
These videos are so awesome that I'm watching and taking notes on New Year's Eve, and I'm truly enjoying myself. Thank you! (And happy new year!)
@RanaKhalil101
2 жыл бұрын
This comment made my day! Happy new year!
I've enjoyed your previous write-ups but this video is sooo stellar!! I've always struggled with getting a good handle on SQLi in the past and mostly just left it up to the automated tools but this guide has given me a much better approach and methodology to apply to injection scenarios. I really appreciate your efforts and look forward to future videos!
@RanaKhalil101
3 жыл бұрын
Thank you! The next 16 videos cover SQLi hands on exercises. By the end of this module, not only will you be become a pro at exploiting SQLi vulnerabilities manually but you'll also learn how to automate the exploitation in python ;)
@xtwisted007x
3 жыл бұрын
@@RanaKhalil101 I started thinking about the flow of a python script for this as you were explaining the boolean-based injection. I'm still a python novice however so appreciate learning new methods. 😁
Reviewing some of these things to fresh up my memory in order to create my own content on the subject (but in italian), and well, excellently explained, thank you very much!
Thank you so much for your amazing course, your effort and your time! I really like the consistency in the slides format & flow of explanation for each topic and how you organise the playlists for each topic with short and long versions 😊
Huge fan! Been following you since the days of your medium writeups. Thank you for your content, you have undoubtedly upgraded my infosec career. Keep doing what you are doing. Hope you continue with videos on this subject matter.
Hey Rana! greetings from Brazil!! Thanks for the great work and content you've been putting up. Looking foward to see your next videos!!!
thanks for uploading this video I was constantly looking for the resource to study this topic and I finally found this video... it is very helpful
incredibly impressed this is fantastic
You are AMAZING! Thank you so much for all the effort and time to bring such an excellent content to the community. You are an inspiration!
This is first youtube video without dislike i have ever seen. NICE and thank you for the tutorials.
this is NETCLOUTS you are the best teacher i ever have in the world MAY ALLAH grand you with JANNAH
You're the best! I love your work, and I have learned a lot from you! You deserve a million subs. Tysm😄
Completed the whole video. Going for the next one. Thank you so much for sharing the awesome knowledge ❤️
MASHALLAH, PROFESSIONAL WAY OF PRESENTATION
I found out about your work on David Bombal's channel. Your channel is fantastic!
Thank you, I understand so much better now.
Great work! Thank you for doing this. Really means a lot to us beginners❤️ Looking forward to more such informative videos👍
Assalammualaykum, greetings from Malaysia. There's so much information. Great work! Looking forward next video.
I think that you and the company you work for are amazing! Thank you for these vids!🙂
Best explanation I would say, simple and straight! Very helpful, thank you!
Finest Video On SQL Injection on KZread ❤
Wow!! Simply awesome! Finally I found a channel which Deep dive into the SQL injection!
very interesting, as i've been dealing with such a problem myself (was hacked by ransomware on a university server...) what i don't understand is how you loop over a long hash checking every character: this is classical brute force and should take thousands of years... :)
with this guide, its easy to understand SQLI , thank u
really amazing content.
im glad that i found your channel 1 month ago.. such good content mashallah. keep the contents coming ^_^
You are doing great job teaching! I wish I could have your determination and attention to detail!
This presentation is realy realy useful for beginners or students , it explains every details of the topic and and has example of queries and payloads for real-life stuations . Please keep going to do it for young collegues and students. Thank you for your effort.
WOW! Excellent video that clearly explains how we have to think twice (or more) before feeling safe!
Your methodology of testing is great. Well done!
Amazing work. Thanks for providing awesome stuff for free of cost.
Really appreciate your efforts and time you put into making these tutorials , these are really helpful and qualitative .also expecting Such more tutorials based on the course ahead . again thank you for sharing your knowledge you're giving back to the community in the amazing way.🙌
This is great. Thanks for doing it. Shared it with my whole team.
Nice tutorial. 👍 I wanna see more tutorials from different topics. 😊
Oh my goodness. Thanks so much for your hard work, it was super helpful and your video seems professionally made💙
The great super explanation I deeply loved it and waiting for more series from you.
This video is incredibly helpful and insightful. I really look forward to the other videos in this series. Thank you!
Amazing explanation. very clear and right to the point.
Thanks so much, very clear, appreciate all of your hard work behind the scenes
My new favourite content creator! Thank you so much for this
Your work is amazing!! I’m excited for more content
Thank you for your knowledge. You are paving the way to knowledge for ordinary people
Thank you for your hard work .. lots of information packed into this video.
Buenas tardes Rana, te he conocido gracias a un video que realizaste con David Bombal, y me pareció fantástico y tu super simpatica. Soy una persona normal y corriente, y he tenido recientemente una mala experiencia con una empresa realizando trading, bueno ya te puedes imaginar. Jamás pensé que llegara a ser tan incrédulo. Me gusta mucho como te explicas y lo puedo comprender todo hasta ahora. Nunca es tarde para aprender. Voy a ver que tal empiezo con tus tutoriales y si me llenan como hasta ahora, aportaré al canal de la manera que pueda para que sigamos aprendiendo de tus habilidades. Un saludo.
Great content, I learned a lot about sqli. I'm looking forward to learn more from your future videos.
This is the Best Sql explanation on youtube! Keep up the good work👍
Great content given by you for who have not enough money to buy course
Rana, thank you so much for this video! You explain complex topics so simply and clearly! Great!
Love from Pakistan....simple and easy way of teaching...
Wow. This is gold. Thank you very much for taking the time to make this incredible material.
Easy to follow explanation. Great presentation! -:)
This is amazing. Your video is really easy to understand and I love it! Please continue working on this
This is the best...!
Thank you so much.your making this so easy to understand
Thanks a lot, im watching it another time because its useful !!
Don't stop ur class is ✨️✨️✨️✨️🥳🥳😘
مشاء الله عليكي. ربنا يزيدك علم
Thank you so much for the great explanation keep going 👏👏
Mam i became fan of your work, please reply to my question, how you are able to manage time in making this many hours of lengthy content with great quality. What is your motivation?❤👍
Great work!! Thank you for sharing your knowledge. Looking forward to learning a lot through your channel! :)
so much information! will be following with the series
Thank you Rana for your tutorials. Your explanations are clear and concise and I easily grasp these concepts with ease. I have a question about Boolean-Based Blind SQLi. Is it possible that to optimise the finite brute force of each character, the attacker makes use of binary search to find the character, say instead of (…., 1, 1) = ‘s’, the attacker injects (…., 1, 1) < ‘s’, that’d work right?
Thanks for sharing the proper content with us. Your voice makes it more attractive to understand 😊👌
You were definitely made for this ❤🔥❤🔥❤🔥❤🔥🔥🔥🔥🔥❤❤❤❤❤❤perfect content
Nicely explained. Great job Rana... Will be following you in entire series.
Loved it.. Pls don't stop this series.. ♥
I liked this video even before starting. I love the givers !! Sply rahana I follow you in twitter. Tha ks for sharing your knowledge. Keep going great ! Love you voice too ❤️
رفعت راس اختي العزيزة
I am looking forward see rest of the content soon
I just subscribed. You are very easy to understand and I am excited for more SQL content.
Rana for presidency
Thank you Rana for helping us learn!!! More power to you!
Thaaank you so much for your videos Rana and the way you make them and time to create them and everything!! much appreciated ♥♥
Concise and straight to the point
Well done Rana! Awesome the content. Maybe you could put the links of the sources in the description? Cheat sheet, web security, etc? :)
@RanaKhalil101
3 жыл бұрын
Done, thank you for the suggestion!
@drop8637
3 жыл бұрын
@@RanaKhalil101 you are amazing ! 👍
thank you so much,loved your voice and explanation😁😀😀
The best instruction on SQL injection!
I like your content. You are great instructor. I like your unique voice too. Thank you so much.
You are awesome for this!! Thank you!!
Really great video, thank you
thank you soo much ma'am !!