Posts

What is SQL Injection?

Greetings, it's been like forever since the last time I shared a post. A lot of things have happened; now I'm working at a cybersecurity company in Malaysia as a Security Consultant. Straight to the point: today I want to share about SQL Injection. Note: all the knowledge shared is for educational purposes only.

What is a SQL injection?

SQL injection is one of the common vulnerabilities found during application penetration testing. This vulnerability happens because the developer of the application did not apply secure coding during development. It mainly allows the attacker to manipulate the SQL query that the application uses to retrieve data from the database with their own SQL query.

There are three common types of SQL Injection.

Error Based

The name "Error Based" comes from the fact that when the original SQL query used to query data from the database is interrupted ( ' ), it throws an SQL error. For example: Injected SQL query: SELECT A From B where

FREE !! Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) is a qualification obtained in assessing the security of computer systems, using penetration testing techniques. The code for the CEH exam is 312-50, and the certification is in Version 8 as of late 2013. Penetration testers are usually employed by an organization that trusts them to attempt to penetrate networks and/or computer systems for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done at the request of the owner of the victim system(s) or network(s) is not. The EC-Council offers another certification, known as Certified Network Defense Architect (CNDA). This certification is designed for United States Government agencies and is available only to members of selected agencies. Other than the name, the content of the course is exactly the same. The exam code for