Advanced Penetration Testing Course

CAST 619

Advanced SQLi Attacks and Countermeasures


The rapidly evolving information security landscape now requires professionals to stay up to date on the latest security technologies, threats and remediation strategies. CAST was created to address the need for quality advanced technical training for information security professionals who aspire to acquire the skill sets required for their job functions. CAST courses are advanced and highly technical training programs co-developed by EC-Council and well-respected industry practitioners or subject matter experts. CAST aims to provide specialized training programs that will cover key information security domains at an advanced level.


SQL injection is the most commonly used attack to break the security of a web application. According to NTT’s Global Threat Intelligence Report (GTIR), the cost of a 'minor' SQL injection attack exceeds $196,000. Database usage is on the rise, as is the number of applications that interconnect databases, which makes SQL injection one of the top concerns for IT security professionals.

SQL injection takes advantage of non-validated input vulnerabilities and injects SQL commands through a web application that are executed in a back-end database. Attackers use this technique either to gain unauthorized access to a database or to retrieve information directly from the database. Attackers can use SQLi attacks to steal sensitive data, spoof identity, tamper with database records, reveal database structure, delete an entire DB, execute system commands, elevate privileges and compromise the whole system, perform a DoS attack on the server, etc.

The Advanced SQLi Attacks and Countermeasures course provides in-depth knowledge of different types of SQL injection techniques, how to detect vulnerabilities, automated SQL injection tools and various countermeasures to protect web applications from attacks.


Copyright © 2014 eccouncil.org.