SQL Injection Labs provides an on-line platform to master The Art of Exploiting SQL Injection. From SQLi 101 to mind-bending 2nd order injection, file read/write access, remote code execution; we have got it all covered. Whether you are a student who is just starting a career in the field of IT security or a professional who wants to become a Ninja, we have something for everyone!
– Sumit Siddharth,
Black Hat Speaker and Trainer
Founder, Notsosecure Ltd, UK
1. What is the objective of the SQL Injection Lab?
The SQL Injection Labs aims to help you:
- Practice various different types of SQL Injection vulnerabilities
- Learn advanced Identification techniques by which you can spot a SQL Injection
- Learn advanced exploitation techniques by which you can determine the true impact of the vulnerability
- Evaluate various security scanners/tools and see which tool does what
- Learn to distinguish between a false positive and a real vulnerability
2. What will be my key learnings in this lab?
a. SQL Injection by Functionality and Type:
- Authentication Bypass
- Data Extraction
- Error based
- Union based
- Blind SQLi
- DNS Exfiltration
- Bypass WAF/Black Listing
- Advanced Exploitation
- File read/write
- Code execution
- Advanced Identification/Exploitation
- Order by/group by
- Double Encoding/decoding
- Injection in Insert/Update
- Other HTTP fields
- Injection in stored procedures
- 2nd order Injections
- GBK encoding
- UTF-7 decoding
- Truncation issues
b. Experience with Different Database Servers
- MS-SQL (2008)
3. Does this course provide SQL Injection theory as well?
No, this lab does not provide any theory on SQL Injection. However, for every lab exercise we will provide you with the full Video walkthrough solution and a Lab manual with step-by-step solutions. This lab is totally hands-on. If you are interested in a regular course, then please have a look at our newly launched Pentester Academy.
4. How long do I get access to the lab?
You will get a full 30 days of lab access, and you can extend it at the end for an additional cost.
5. What all do I get in this Lab?
You will get the following as a registered student of the SQL Injection lab:
- 30 Days online lab access – 24/7 availability
- Over 20 Challenge Applications!
- Total of 70 Objectives to be completed!
- Full Video Walkthrough with Voice of all Challenges and Objectives
- Lab Manual with details of exercises and solutions
- Student forum support for 30 days during the lab
- Course Completion Certificate
6. Can you give us an example of what a Challenge and its Objectives look like?
There are a total of 20 Challenges and 70 Objectives in this lab. Each challenge consists of the following:
- A vulnerable application
- Multiple questions to be solved
- Use of either manual or automated techniques or both
Please play the Video to the left to go through a Lab Challenge walkthrough with Sumit.
7. SQL Injection Lab Creator – Sumit “sid” Siddharth
Sumit “sid” Siddharth is the founder of Notsosecure Ltd, a specialist IT security firm delivering high-end IT security consultancy and Training. Prior to Notsosecure, he worked as Head of Penetration Testing for a leading IT security company in the UK. He has more than 8 years of experience in Penetration Testing. Sid has authored a number of whitepapers and tools. He has been a Speaker/Trainer at many security conferences including numerous Black Hat, DEF CON, OWASP Appsec, HITB etc. He also runs the popular IT security blog: http://www.notsosecure.com/blog. Sid is also a co-author of the book SQL Injection: Attacks and Defence (2nd edition). Over the years, Sid has identified several critical flaws in leading software and helped fix these bugs. These include products from Microsoft, Oracle, Intel, WordPress etc. He has trained several security consultants/penetration testers and helped them get better at their jobs. Sid also holds both CREST certifications (Application and Infrastructure).
8. Testimonials from Sumit’s Real World Trainings
Besides being an awesome AppSec guru, Sid is a great communicator and really does a great job engaging the class with great demos and interesting examples. If you have the chance to take a class with him, do it!
– James Wickett
Creator and founder
Lonestar Application Security Conference
The Art of Exploiting Injection Flaws is a 2-day hands-on training course that was especially helpful in identifying multiple attacks utilizing injection. The class is great for beginners and will even show tricks to people who are familiar with injection flaws. The course covers several different databases and shows students how to exploit multiple vulnerabilities. The class was easy to follow, the labs were skill appropriate, beneficial and increased in difficulty as the class progressed. Sid was a very patient and helpful instructor and even made himself available after class for any additional questions or clarifications.
– Ebony Pierce
Sid has a way of stripping the arcane away from injection attacks. The use of tools is covered, but this isn’t just a class on how to use sqlmap – take it and you’ll understand exactly what the tool is doing in the background because you just did it manually in the lab. It made me a better web assessor and pentester!
– Josh Little
I really enjoyed the class. The class showed what automated tools are capable of finding and areas where even state-of-the-art commercial tools will not be able to identify a critical vulnerability. I highly recommend this class to anyone who does security testing or even software/web development!
– Alex Horan
I highly recommend the courses offered by Sid and his company. I work in the security department of a US based bank and I had a chance to take ‘The Art of Exploiting injection Flaws’ course given by Sid at Black Hat Las Vegas in August 2013. This course gave me an insight into the more subtle types of injections and how to deal with them. Thank You very much for offering this Course.
– Peter Iancic
9. Course Enrollment and Payment
We are currently offering a PROMOTIONAL PRICING of $99 for 30 days of lab access. After the promotion ends, the price will be raised to $149 for 30 days lab access.
Please submit the PayPal-powered form below to make a payment to “Binary Security Innovative Solutions Pvt. Ltd.”, the parent company of SecurityTube, to enroll for the course.
If you cannot use Paypal, please drop us an email at feedback binarysecuritysolutions.com for alternate forms of payment.
10. Contact Us
We have compiled a FAQ below:
1. What is your Refund Policy?
A: Once a course or lab is purchased, no refund is possible.
Please use the form below if you have any additional questions not answered by this page and we will get back to you ASAP: