DeepSec Training: Bug Bounty Hunting – How Hackers Find SQL Injections in Minutes with Sqlmap
In a previous article we talked about the Bug Bounty Hunting training by Dawid Czagan at DeepSec 2018. In case you do now know what to expect, there is a little teaser consisting of a full blown tutorial for you. Dawid has published as video tutorial that shows you how to use Sqlmap in order to find SQL injections. It serves as a perfect example of what to expect from his two-day training and what you absolutely need to play with for preparation. DeepSec trainings are in-depth, not superficial. Dawid’s training will go into much deeper detail. Software developers are well advised to use attack tools against their own creations. It helps to understand what error conditions your code might be in and what you have to do when sanitising data.
SQL injection attacks have been around for over 15 years. They still exist. Given the widespread use of databases, they will stay for a while longer. The bug has even entered mainstream (nerd) culture, so make sure you know what it is all about.