Network Security – Patching Web App with SQL Injection Vulnerability
iSpeech
Fundamentals of Computer Network Security Specialization
Course 3 - Hacking and Patching
About this course: In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search valuable information on a typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation. You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls. You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords. You will learn how to patch them with input validation and SQL parameter binding. You will learn the hacking methodology, Nessus tool for scanning vulnerabilities, Kali Linux for penetration testing, and Metasploit Framework for gaining access to vulnerable Windows Systems, deploying keylogger, and perform Remote VNC server injection. You will learn security in memory systems and virtual memory layout, and understand buffer overflow attacks and their defenses. You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks.
Who is this class for: Any one interested in learning how to hack and patch web apps with injection vulnerabilities, crack passwords on AWS P2 system, system security design pattern using hand-on labs, quick introduction to buffer overflow, Nessus scanning tool and Kali Penetration Testing suite. The needs to know how to program in a high level programming language.
Module 2 - Hack SQL Databases and Patch Web Apps with SQL Injection Vulnerabilities
In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.
Learning Objectives
• By the end of this module, you should be able to hack web apps with SQL injection vulnerability and patch them.
• By the end of this module, you should be able to perform code review and detect the command injection/SQL injection patterns.
• By the end of this course, you should be able to learn eight step hacker methodology for exploit systems.
• For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.
Subscribe at: https://www.coursera.org
2017-11-11 12:50:18
source
Gloss