SQL Injection Attacks: The Guide

Learn hands-on how to perform and defend against one of the most devastating web attacks - SQL injections
Free tutorial
Rating: 4.7 out of 5 (345 ratings)
33,932 students
1hr 31min of on-demand video
English [Auto]

See, in action, the power of SQL injections
You will attack applications legally & safely
Learn defense controls to protect your applications and databases from SQL injections
Perform SQL injections by hand and with automated tools
Learn about various SQL injection techniques
Look at vulnerable code and learn how to make it secure


  • Experience working with SQL
  • Experience working with web applications


About the course:

Welcome to this course on SQL injection attacks! In this course, we explore one of the biggest risks facing web applications today.

We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of SQL and injections. After that, we learn SQL injection techniques with the help of cheat sheets and references. At that point, we start to gather information about our target in order to find weaknesses and potential vulnerabilities.

Once we've gathered enough information, we go full-on offensive and perform SQL injections both by hand and with automated tools. These attacks will extract data such as tokens, emails, hidden products, and password hashes which we then proceed to crack.

After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the network, application, and database layers. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections.

Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications.


Topics we will cover together:

  1. How to set up a Kali Linux Virtual Machine for free

  2. How to configure and create safe & legal environments using containers inside of Kali

  3. How to get started with OWASP ZAP (a free alternative to Burp Suite)

  4. A quick refresher of what SQL is and how it works

  5. An explanation of what SQL injections are and how they work

  6. SQL injection techniques with cheat sheets and references

  7. How to gather information about your target in order to find potential vulnerabilities

  8. How to perform SQL injections by hand with a proxy tool (ZAP)

  9. How to perform SQL injections with automated tools (SQLMap)

  10. How to use results from successful and unsuccessful injections to further exploit the application (ie: crack passwords)

  11. How to defend against SQL injections at the network layer

  12. How to defend against SQL injections at the application layer

  13. How to defend against SQL injections at the database layer

  14. How to find vulnerabilities by looking at code

  15. Proper coding techniques to prevent SQL injections



To understand how SQL injections work and how to perform them as well as defend against them, you must have:

  • Experience working with web applications

  • Experience with SQL

Suggestion: You may also wish to take our free Introduction to Application Security (AppSec) course to familiarize yourself with the concepts of Application Security.



My name is Christophe Limpalair, and I have helped thousands of individuals pass IT certifications and learn how to use the cloud for their applications. I got started in IT at the age of 11 and unintentionally fell into the world of cybersecurity.

As I developed a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently.

I've taught certification courses such as the AWS Certified Developer, AWS Certified SysOps Administrator, and AWS Certified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), Lambda Deep Dive, Backup Strategies, and others.

Working with individual contributors as well as managers, I realized that most were also facing serious challenges when it came to cybersecurity.

Digging deeper, it became clear that there was a lack of training for AppSec specifically. As we explore in the course, SQL injections are far too common and can be devastating to organizations.

It's time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we'll do just that!

I welcome you on your journey to learning more about SQL injections, and I look forward to being your instructor!

Who this course is for:

  • Web Developers
  • Pentesters
  • Database administrators
  • Software Developers
  • Cloud Engineers
  • Application Security Engineers
  • Risk Analysts


Co-Founder of Cybr and developer at heart
Christophe Limpalair
  • 4.5 Instructor Rating
  • 1,176 Reviews
  • 51,803 Students
  • 6 Courses

After writing his first lines of code at the age of 11, Christophe developed a passion for technology. Frustrated with the state & cost of education, he spent the last few years training individuals and organizations (SMB & F500) on how to use the cloud by pioneering hands-on training technologies. After his journey of building two successful IT businesses to acquisition in the last six years, he realized that most struggle with building secure software, so he co-founded Cybr to help make the world a more secure place through community and training.

We're here to help you build your cybersecurity career
Cybr Training
  • 4.5 Instructor Rating
  • 1,176 Reviews
  • 51,803 Students
  • 6 Courses

We are an online community and training platform, and we're here to help you build your cybersecurity career.

Cybr was founded in 2020 by veterans of the IT and training industries who have helped individuals learn new skills and get certified, and businesses deploy training initiatives across their organization.

We believe that the world can be a safer place through training and community, and we intend to carry out that mission one person at a time! Join us on this mission and build your cybersecurity career regardless of your current skill level.

Top companies trust Udemy

Get your team access to Udemy's top 19,000+ courses