CAST 619 - Advanced SQLi Attacks and Countermeasures

Advanced Penetration Testing Course

  Get Advanced Penetration Testing Training From EC-Council Get Certified in Mobile Hacking & Forensics Investigations Learn & Get Certified In Advanced Application Security Course Online From EC-Council Join Advanced Network Defense Training Program Online  
  Securing Windows Infrastructure (CAST 616)   Designing and Implementing Cloud Security (CAST 618)  Advanced SQLi Attacks and Countermeasures (CAST 619)

CAST 619
Advanced SQLi Attacks and Countermeasures

  cast 619 img


The rapidly evolving information security landscape now requires professionals to stay up to date on the latest security technologies, threats and remediation strategies. CAST was created to address the need for quality advanced technical training for information security professionals who aspire to acquire the skill sets required for their job functions. CAST courses are advanced and highly technical training programs co-developed by EC-Council and well-respected industry practitioners or subject matter experts. CAST aims to provide specialized training programs that will cover key information security domains, at a advanced level.

SQL injection is the most commonly used attack to break the security of a web application. According to NTT’s Global Threat Intelligence Report (GTIR), cost for a 'minor' SQL injection attack exceeds $196,000. Database usage is on the rise, as well as the applications that interconnect databases, which makes SQL injection one of the top concern for IT security professionals.

SQL injection takes advantage of non-validated input vulnerabilities and injects SQL commands through a web application that are executed in a back-end database. Attackers use this technique to either gain unauthorized access to a database or to retrieve information directly from the database. Attackers can use the SQLi attacks to steal sensitive data, spoof identity, tamper database records, reveal database structure, delete entire DB, execute system commands, elevate privileges and compromise the whole system, perform DoS attack on the server, etc.

Advanced SQLi Attacks and Countermeasures course provides in-depth knowledge on diŽerent types of SQL injection techniques, how to detect vulnerabilities, automated SQL injection tools and various countermeasures to protect web application from attacks.

kevin cardwell- Penetration Tester Expert

Mr. Haja Mohideen is the VP- Technology and Co-Founder of EC-Council. He manages the certifications and training programs for EC-Council, and leads the product development team. He is known worldwide as the creator of the popular EC-Council certification programs Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (CHFI), EC-Council Certified System Analyst / Licensed Penetration Tester (ECSA/LPT) and EC-Council Certified Secure Programmer (ECSP), among others.

Haja has 17 years of experience specializing in the development, support and project management of PC software and hardware. He has trained various Fortune 500 companies as well as US government agencies. He is also the Master Trainer for EC-Council courses, and his training is often sought after globally. He has led training in many countries including Greece, India, USA, Indonesia, Singapore, England, Mexico, amongst others. Haja is also one of few who are qualified to conduct train the trainer sessions for EC-Council courses.

Haja holds a Masters Degree in Software Engineering and has numerous industry-wide IT certifications from Microsoft, IBM, Cisco, Motorola, 3COM, Adobe, Intel and many others. He carries over 90 vendor certifications.

Module 01: Introduction to SQL Injection Attacks

  • What is SQL Injection?
  • Why Bother about SQL Injection?
  • SQL Injection Attacks
  • How Web Applications Work
  • Server-side Technologies
  • HTTP Post Request
  • Example 1: Normal SQL Query
  • Example 1: SQL Injection Query
  • Example 1: Code Analysis
  • Example 2: BadProductList.aspx
  • Example 2: Attack Analysis
  • Example 3: Updating Table
  • Example 4: Adding New Records
  • Example 5: Identifying the Table Name
  • Example 6: Deleting a Table
  • SQL Injection Attack Categories
  • Getting Private Info
  • Types of SQL Injection
    • Error Based SQL Injection
      • Error Based SQL Injection Techniques
    • Blind SQL Injection
      • No Error Messages Returned
      • Blind SQL Injection: WAITFOR DELAY YES or NO Response
      • Blind SQL Injection: Boolean Exploitation technique

Module 02: SQL Injection Attack Methodology

SQL Injection Attack Methodology
  • Information Gathering
  • Extracting Information through Error Messages
  • Understanding SQL Query
  • SQL Injection Vulnerability Detection
  • SQL Injection Detection
  • SQL Injection Error Messages
    • SQL Injection Attack Characters
  • Additional Methods to Detect SQL Injection
  • SQL Injection Black Box Pen Testing
  • Testing for SQL Injection
  • Code Review to Detect SQL Injection Vulnerabilities
  • Perform Error based SQL injection
  • Error Based Exploitation Technique
  • Union Exploitation Technique
    • Perform Error based SQL Injection: Using Union SQL Injection
  • Perform Error based SQL Injection: Using End of Line Comment
  • Perform Error based SQL Injection: Using Stored Procedure Injection
  • Bypass Website Logins Using SQL Injection
  • Perform Blind SQL injection
  • Blind SQL Injection – Exploitation (MySQL)
  • Blind SQL Injection - Extract Database User
  • Blind SQL Injection - Extract Database Name
  • Blind SQL Injection - Extract Column Name
  • Blind SQL Injection - Extract Data from ROWS
  • Performing Blind SQL Injection: Using Out of band Exploitation Technique
  • Exploiting Second-Order SQL Injection
  • Second-Order SQL Injection: Scenario
  • Finding Second-Order Vulnerabilities
    • Finding Second-Order Vulnerabilities: Automated Scanners
  • Steps to Identify Second-Order SQL Injection Vulnerabilities
  • Exploiting Client-Side SQL Injection
  • Attacking Client-Side Databases
  • Using Hybrid Attacks
  • Leveraging Captured Data
  • Creating Cross-Site Scripting
  • Running Operating System Commands on Oracle
  • Exploiting Authenticated Vulnerabilities
  • Double Blind SQL Injection: Classical Exploitation (MySQL)
  • Enumerate Data
  • Database, Table, and Column Enumeration
  • Advanced Enumeration
  • Features of Different DBMSs
  • Creating Database Accounts
  • Password Grabbing
  • Grabbing SQL Server Hashes
  • Extracting SQL Hashes (In a Single Statement)
  • Transfer Database to Attacker's Machine
  • Interact with the OS
  • Interacting with the Operating System
  • Interacting with the File System
  • Compromise the Network
  • Network Reconnaissance Using SQL Injection
  • Network Reconnaissance Full Query
  • Automated SQL Injection Tools

Module 03: Bypassing Filter, WAF, and IDS

  • Bypassing Input Filters
  • Using Case Variation
  • Using SQL Comments
  • Using URL Encoding
  • Using Dynamic Query Execution
  • Using Null Bytes
  • Using Nesting Stripped Expressions
  • Exploiting Truncation
  • Using Non-Standard Entry Points
  • Introduction to WAF
  • Methods to Bypass WAF
  • Bypassing WAF: SQL Injection - Normalization
  • Bypassing WAF: SQL Injection - HTTP Parameter Pollution (HPP)
  • Bypassing WAF: SQL Injection – HTTP Parameter Fragmentation (HPF)
  • Bypassing WAF: Blind SQL Injection
  • Bypassing WAF: SQL Injection – Signature Bypass
  • PHPIDS ( – default rules
  • Mod_Security (2.5.9) – default rules
  • Evading IDS
    • Types of Signature Evasion Techniques
  • Evasion Technique: Sophisticated Matches
  • Evasion Technique: Hex Encoding
  • Evasion Technique: Manipulating White Spaces
  • Evasion Technique: In-line Comment
  • Evasion Technique: Char Encoding
  • Evasion Technique: String Concatenation
  • Evasion Technique: Obfuscated Codes

Module 04: SQL Injection Defenses and Incident Handling

  • How to Defend Against SQL Injection Attacks
  • SQL Injection Detection Tools
  • Investigating and Handling SQL Attack Incidents
  • Investigating a Suspected SQL Injection Attack
  • Analyzing Digital Artifacts
  • Containing the Incident
  • Assessing the Data Involved
  • Determining the Actions Performed by the Attacker on the System
  • Recovering from a SQL Injection Attack
  • Reducing the Attack Surface
  • Fundamentals of how web applications, and server-side technologies work
  • Working of SQL injection attacks
  • SQL injection attack techniques, including error based, and blind SQL injections
  • Union exploitation technique
  • Dierent types of blind SQL injection attacks
  • How to detect SQL injection vulnerability
  • Testing for SQL injection and black-box pen testing techniques
  • Automated SQL injection vulnerability scanners
  • How to enumerate databases
  • Compromise the network using SQL injection
  • 10 Exploiting authentication vulnerabilities and launching Cross-Site Scripting (XSS) attacks
  • Automated SQL Injection tools
  • SQL injection techniques to bypass lter, WAF, and IDS
  • How to defend against SQL injection attacks
  • Investigating and handling SQL attack incidents

  • Database administrators
  • Web app developers
  • Security auditors
  • Security professionals
Duration: 3 days (9:00 – 5:00)

To download CAST 619 printable brochure Please Click Here

Enquire Online About Advanced Security Training Programs

We at CAST would like to hear from you

if you have questions, comments or feedback for us, please send us a message using the from below or email us at
For more information and news updates, connect with us via Social Media or our Mailing List.
We look forward to hearing from you!

CAST General Enquiry Form