Injection Attacks
Master the skills of injection attacks, covering Advanced SQL Injection, Server-Side Template Injection, XXE Injection, LDAP Injection, and NoSQL Injection.
In this module, we'll guide you through the complex landscape of injection attacks, focusing on vulnerabilities like SQL Injection, SSTI, LDAP Injection, and XXE Injection. We’ll start with Advanced SQL Injection, where you’ll learn how injection-based attacks can be used for relational databases, leading to data pilferage and RCE. We'll then pivot to NoSQL Injection where you’ll learn the impact of injection attacks on non-relational databases like MongoDB. As we start into XXE injection, you'll learn about how these attacks can lead to data leakage and data exfiltration. Further, you’ll learn about Server-Side Template Injection and how template engines can be exploited leading to RCE. Each section of this module is strengthened with real-world scenarios designed to understand, effectively mitigate, and protect against these client-side vulnerabilities.
0%
Advanced SQL Injection
Learn advanced injection techniques to exploit a web app.
0%
NoSQL Injection
A walkthrough depicting basic NoSQL injections on MongoDB.
0%
XXE Injection
Exploiting XML External Entities.
0%
Server-side Template Injection
Exploit various templating engines that lead to SSTI vulnerability.
0%
LDAP Injection
Exploiting Lightweight Directory Access Protocol.
0%
ORM Injection
Learn how to exploit injection vulnerabilities in an ORM-based web app.
0%
Injectics
Use your injection skills to take control of a web app.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
