• Online, Self-Paced

SQL injection is typically used to access sensitive information from a target's database, but under the right circumstances, it can be used to access the remote file system or even allow for remote system shell access. In this course, you'll learn the SQLi techniques used to read and write to files on the target system, as well as gain interactive shell access. Manual SQL injection testing is a necessary skill, but often time to test is limited and it's useful to have a tool like SQLMap. You'll finish this course by learning how to use SQLMap to automate the process of testing SQL injections. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

Learning Objectives

{"use SQLi techniques to read a file on a target system","recognize the limitations of using SQLi techniques to read a file","describe the SQL Injection techniques used to write a file on a target system","identify the SQL statements that can be used to write files to a target system using SQLi and that could allow an attacker to gain interactive shell access"}

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.