1
00:00:04,420 --> 00:00:05,350
Hello, everyone.

2
00:00:05,470 --> 00:00:06,580
Welcome to my course.

3
00:00:07,180 --> 00:00:12,570
In this lecture, you will learn about HTML injection.

4
00:00:12,580 --> 00:00:14,560
I mean, it is part one.

5
00:00:16,510 --> 00:00:19,060
What is HTML injection?

6
00:00:21,250 --> 00:00:29,080
We have seen that a web application may have many types of vulnerabilities that attackers

7
00:00:29,110 --> 00:00:32,560
can exploit using different types of attacks.

8
00:00:33,220 --> 00:00:40,700
We have also learned that security testing is a part of penetration testing.

9
00:00:40,770 --> 00:00:49,570
In addition, as a tester, your job will be to find those vulnerabilities for your clients in a web application.

10
00:00:54,300 --> 00:01:00,630
Let me tell you about one key feature of HTML injection at the very beginning.

11
00:01:01,320 --> 00:01:12,720
HTML injection is rare, and it is not considered as severe as cross-site scripting or XXE

12
00:01:12,870 --> 00:01:13,410
attacks.

13
00:01:14,170 --> 00:01:24,930
However, it could be disruptive, because it could deface a website; it could change the appearance

14
00:01:24,990 --> 00:01:26,130
of the website.

15
00:01:26,910 --> 00:01:33,450
It cannot penetrate through the system and steal the data.

16
00:01:35,050 --> 00:01:38,410
It cannot even destroy the database.

17
00:01:39,020 --> 00:01:47,260
However, this part of security testing should not be missed, because, as I have mentioned

18
00:01:48,670 --> 00:01:56,980
earlier, it could deface a website's appearance, and that may cost your client

19
00:01:58,250 --> 00:01:59,150
reputation.

20
00:02:03,370 --> 00:02:05,360
We should be aware.

21
00:02:05,740 --> 00:02:16,780
And at worst, HTML injection attackers may try to steal users' data by posting a

22
00:02:16,790 --> 00:02:19,270
fake login form.

23
00:02:20,380 --> 00:02:25,640
We will find that vulnerability in our virtual lab.

24
00:02:26,600 --> 00:02:34,540
Furthermore, we can summarize a few key points about HTML injection.

25
00:02:35,610 --> 00:02:37,120
HTML injection

26
00:02:37,240 --> 00:02:40,900
is the rendering of HTML.

27
00:02:40,900 --> 00:02:48,100
Any injected code is inserted into a web page and gets executed.

28
00:02:48,430 --> 00:02:54,760
That is, the HTML injection code renders its contents.

29
00:02:56,840 --> 00:03:00,290
Finding HTML injection vulnerabilities.

30
00:03:02,340 --> 00:03:12,660
The HTML injection attackers may try to destroy your web application by injecting arbitrary HTML

31
00:03:12,660 --> 00:03:16,620
code into a vulnerable web page.

32
00:03:17,760 --> 00:03:30,240
The following page of the bWAPP application shows us a vulnerable login form. Here you can enter any type

33
00:03:30,240 --> 00:03:31,800
of basic HTML injection.

34
00:03:32,130 --> 00:03:35,890
That page will execute and render the output.

35
00:03:36,450 --> 00:03:38,190
It is called reflected

36
00:03:39,160 --> 00:03:46,000
HTML injection because it will reflect the output to the end user.

37
00:03:46,920 --> 00:03:48,380
This is the figure.

38
00:03:49,080 --> 00:03:56,540
Basically, the user is able to control the input point and inject arbitrary HTML code.

39
00:03:56,760 --> 00:04:01,860
That may include malicious links, which may trigger more

40
00:04:03,870 --> 00:04:07,050
sinister XSS attacks.

41
00:04:07,440 --> 00:04:16,860
It is reflected because the injected code is rendered and controlled by the user. As a penetration

42
00:04:16,860 --> 00:04:17,490
tester,

43
00:04:17,790 --> 00:04:27,800
you can test a client's web application by injecting arbitrary HTML code. If it reflects and is

44
00:04:27,800 --> 00:04:29,040
controlled by you,

45
00:04:29,490 --> 00:04:32,200
the application has vulnerabilities.

46
00:04:33,340 --> 00:04:37,410
The input forms are not properly sanitized.

47
00:04:40,220 --> 00:04:47,090
In these pictures, I have injected my first name in the first text box, but in the second text

48
00:04:47,090 --> 00:04:47,520
box

49
00:04:47,960 --> 00:04:49,050
I have injected

50
00:04:49,900 --> 00:04:54,050
a simple type of HTML code.

51
00:04:55,860 --> 00:05:01,970
You can see that reflected HTML injection looks like this.

52
00:05:02,760 --> 00:05:10,380
The vulnerable web page executed it and rendered it in the lower part of that web page.

53
00:05:12,890 --> 00:05:13,950
Let us open

54
00:05:14,230 --> 00:05:16,260
Burp Suite and,

55
00:05:17,530 --> 00:05:24,810
with the intercept on, we will allow that data to pass through it.

56
00:05:25,990 --> 00:05:30,150
Since the bWAPP application has been made

57
00:05:31,650 --> 00:05:38,430
intentionally vulnerable, the form data has not been validated properly.

58
00:05:40,010 --> 00:05:45,130
We can read anything that passes through the form field.

59
00:05:47,770 --> 00:05:49,630
This is the figure.
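The reflected HTML injection the lecture walks through on the bWAPP login form, shown as an added example that is not part of the lecture and not bWAPP's own code. It models a page that echoes the submitted first and last name back into its HTML, side by side with the hardened version that output-encodes the input with `html.escape`, and it includes the check the lecture describes a tester performing: submit a harmless marker tag and see whether the response reflects it as markup or as escaped text. The page template, field names and sample inputs are constructed for this example.

```python
"""Reflected HTML injection: vulnerable rendering beside the hardened form.

Added example (not bWAPP's code). The template below is a constructed
stand-in for a login form page that reflects user input into the HTML.
"""
import html

# Constructed page template: the form, followed by a line that reflects
# the submitted names back to the user (the injection point).
PAGE_TEMPLATE = """<html><body>
<form method="get">
  First name: <input name="firstname">
  Last name: <input name="lastname">
  <input type="submit" value="Go">
</form>
<p>Welcome {first} {last}</p>
</body></html>"""


def render_vulnerable(first: str, last: str) -> str:
    """Interpolates user input directly, so any HTML in it is rendered."""
    return PAGE_TEMPLATE.format(first=first, last=last)


def render_hardened(first: str, last: str) -> str:
    """Output-encodes user input so the browser shows it as text, not markup.

    html.escape rewrites <, >, &, " and ' as entities, which is the standard
    mitigation for untrusted data placed inside HTML element content.
    """
    return PAGE_TEMPLATE.format(
        first=html.escape(first, quote=True),
        last=html.escape(last, quote=True),
    )


def reflects_unescaped(page: str, probe: str) -> bool:
    """True if the probe markup appears verbatim in the response body.

    This is the tester's check from the lecture: a marker tag that comes
    back unchanged means the page renders user-controlled HTML.
    """
    return probe in page


# Constructed sample inputs: a harmless marker tag, and a minimal fake
# login form of the kind the lecture says an attacker might try to plant.
MARKER = "<b>injection test</b>"
FAKE_FORM = '<form><input name="password"></form>'


def demo() -> dict:
    """Runs both renderers against the sample inputs and reports the outcome."""
    results = {}
    results["vulnerable_reflects_marker"] = reflects_unescaped(
        render_vulnerable("Alice", MARKER), MARKER)
    results["hardened_reflects_marker"] = reflects_unescaped(
        render_hardened("Alice", MARKER), MARKER)
    results["hardened_neutralizes_form"] = not reflects_unescaped(
        render_hardened(FAKE_FORM, "Smith"), "<form><input")
    results["hardened_shows_escaped_text"] = (
        "&lt;b&gt;injection test&lt;/b&gt;" in render_hardened("Alice", MARKER))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Escaping has to match the output context: `html.escape` is right for element content and quoted attribute values, but data placed into a URL, a JavaScript block or a CSS rule needs that context's own encoding, which is why a template engine with contextual auto-escaping is the usual fix rather than hand-placed calls.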