Introduction to Injection Flaws - Deep Dive - Injection Vulnerability | Coursera

Browse
Top Courses
Log In
Join for Free

Introduction to Injection Flaws

Loading...

Network Security & Database Vulnerabilities

4.6 (1,358 ratings) | 29K Students Enrolled

Course 4 of 8 in the IBM Cybersecurity Analyst Specialization

Enroll for Free

This course gives you the background needed to understand basic network security. You will learn the about Local Area Networks, TCP/IP, the OSI Framework and routing basics. You will learn how networking affects security systems within an organization. You will learn the network components that guard an organization from cybersecurity attacks. In addition to networking, you will learn about database vulnerabilities and the tools/knowledge needed to research a database vulnerability for a variety of databases including SQL Injection, Oracle, Mongo and Couch. You will learn about various security breach types associated with databases and organizations that define standards and provide tools for cybersecurity professionals. This course is intended for anyone who wants to gain a basic understanding of Network Security/Database Vulnerabilities or as the fourth course in a series of courses to acquire the skills to work in the Cybersecurity field as a Jr Cybersecurity Analyst.

Skills You'll Learn

database vulnerabilities, Network Security, Sql Injection, Cybersecurity, networking basics

Reviews

4.6 (1,358 ratings)

5 stars
72.45%
4 stars
21.42%
3 stars
4.05%
2 stars
1.32%
1 star
0.73%

AH

Jun 14, 2020

The content is basic overview of network security. I would say that the lecture videos of the first 2 weeks were just 'okay'. But the practice quizes made the content easily understandable.

OA

Jul 5, 2020

Great course, meticulous facilitators. Thanks you all. I was once a novice in Cybersecurity but now I am well tutored to take on challenging problems and provide solution.

From the lesson

Deep Dive - Injection Vulnerability

In this module you will hear an IBM Subject Matter expert discuss the common vulnerability of Injection. You will learn the basics around OS Command Injection and SQL Injection.

Welcome to Deep Dive - Injection Vulnerability0:20

Introduction to Injection Flaws3:43

OS Command Injection Part 18:57

OS Command Injection Part 25:02

OS Command Injection Part 37:32

Taught By

IBM Security Learning Services
IBM Global Subject Matter Experts

Try the Course for Free

Transcript

In this video, you will learn to: describe the nature of various injection attacks and their prevalence on the threat landscape. My name is Dmitriy Beryoza. I am a member of X-force Ethical Hacking Team. A little bit about what we do; we do penetration testing of security products. We test products before they're released to customers. For those who don't know, penetration testing is a type of security testing, where a tester or QA person acts as an attacker, as a hacker. So we use very same techniques and tools as the bad guys out there use to attack customers and products, and that helps us find security holes and we report them to development. They get fixed before the products are released. In these presentations that we do, we show you a lot of examples that we see in real case scenarios out there. Hopefully, with the recommendations that we give, you would be able to both address and prevent security bugs in your software. So let's get started. Injection flaws, if we give a definition, they usually allow attackers relay malicious code through the vulnerable application to another system. Could be operating system, could be a database server, LDAP server, and just pretty much any component that accepts scripting as input. As you can see from this chart, they're fairly common. But what makes them special is that usually they're rated as high issues, top issues, and they're extremely dangerous. In the worst case scenario, they may allow full takeover of the vulnerable system. You may be familiar with OWASP Top 10 list, it's open web application security project. It gives you a list of most common security vulnerabilities that afflict web applications. As you can see from year to year, from previous version in 2013 to the current version in 2017 of the list, injection vulnerabilities are at the very top of the list. They are considered as the most dangerous type of vulnerability out there. There's also SANS Top 25, a list that you may be familiar with. Here you can see it's the same picture. Positions one and two are taken by SQL injection and OS Command injection. There's agreement throughout the industry that these are the most dangerous types of vulnerabilities out there. Injection vulnerabilities, we hear about them in the news constantly. They made possible some of the most dramatic hacks in recent history. The one that you probably heard of last year was Equifax hack, where hackers use this type of vulnerability to leak data of a 150 million US and Canadian citizens. That was truly massive, probably even the fact that some people on this call. Another example is the hack of TalkTalk, which is a British telecom company, records of 157,000 customers were exposed through SQL injection. If you read through news, you see these types of vulnerabilities come up very often and the end result of these types of leaks are lots of customer data being leaked, personal user information being leaked. They're really, really dangerous.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera Footer

Top Online Courses

Finding Purpose & Meaning in Life
Understanding Medical Research
Japanese for Beginners
Introduction to Cloud Computing
Foundations of Mindfulness
Fundamentals of Finance
Machine Learning
Machine Learning Using Sas Viya
The Science of Well Being
Covid-19 Contact Tracing
AI for Everyone
Financial Markets
Introduction to Psychology
Getting Started with AWS
International Marketing
C++
Predictive Analytics & Data Mining
UCSD Learning How to Learn
Michigan Programming for Everybody
JHU R Programming
Google CBRS CPI Training

Top Online Specializations

Natural Language Processing (NLP)
AI for Medicine
Good with Words: Writing & Editing
Infections Disease Modeling
The Pronounciation of American English
Software Testing Automation
Deep Learning
Python for Everybody
Data Science
Business Foundations
Excel Skills for Business
Data Science with Python
Finance for Everyone
Communication Skills for Engineers
Sales Training
Career Brand Management
Wharton Business Analytics
Penn Positive Psychology
Washington Machine Learning
CalArts Graphic Design

Online Certificates

Professional Certificates
MasterTrack Certificates
Google IT Support
IBM Data Science
Google Cloud Data Engineering
IBM Applied AI
Google Cloud Architecture
IBM Cybersecurity Analyst
Google IT Automation with Python
IBM z/OS Mainframe Practitioner
UCI Applied Project Management
Instructional Design Certificate
Construction Engineering and Management Certificate
Big Data Certificate
Machine Learning for Analytics Certificate
Innovation Management & Entrepreneurship Certificate
Sustainabaility and Development Certificate
Social Work Certificate
AI and Machine Learning Certificate
Spatial Data Analysis and Visualization Certificate

Online Degree Programs

Computer Science Degrees
Business Degrees
Public Health Degrees
Data Science Degrees
Bachelor's Degrees
Bachelor of Computer Science
MS Electrical Engineering
Bachelor Completion Degree
MS Management
MS Computer Science
MPH
Accounting Master's Degree
MCIT
MBA Online
Master of Applied Data Science
Global MBA
Master's of Innovation & Entrepreneurship
MCS Data Science
Master's in Computer Science
Master's in Public Health

Coursera

About
What We Offer
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus

Community

Learners
Partners
Developers
Beta Testers
Translators
Blog
Tech Blog
Teaching Center

More

Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates

Learn Anywhere

Get it on Google Play

© 2021 Coursera Inc. All rights reserved.