New Training: Web Application Vulnerabilities
In this 7-video skill, CBT Nuggets trainer Bob Salmans discusses many of the vulnerabilities found within web-based applications, including a walk-through of the OWASP top 10 list. Watch this new pen testing training.
Watch the full course: CompTIA PenTest+
This training includes:
- 7 videos
- 51 minutes of training
You’ll learn these topics in this skill:
- OWASP Top 10 (1 thru 3)
- OWASP Top 10 (4 thru 6)
- OWASP Top 10 (7 thru 10)
- Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF)
- SQL Injection Attacks
- File Inclusion Vulnerabilities
- Additional Web App Vulnerabilities and Attacks
Why SQL Injection Attacks are Still a Primary Cyber Attack Vector
Web applications are under constant attack. It's the nature of having a service exposed to the public internet. It's not a question of if an attack will be launched against a website but a matter of when. Some attacks are more common than others, though. In fact, OWASP has assembled a top ten list of cyber-attacks that are used against websites. The most prominent attack on that list is SQL injection.
SQL injection attacks are nothing new. They have been around since websites started implementing SQL databases with their web properties. They work by submitting SQL commands through inputs such as web forms. When a website attempts to save the information from that web form into the database, the database sees that input as a command and runs it.
SQL injection attacks are easy to mitigate, though. Applications need to sanitize information being passed into a database before saving it. Many programming languages, like PHP, have built-in libraries for sanitizing information automatically. By sanitizing inputs, SQL injection attacks can be easily prevented.