Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
Your video material is actually way better than the instructions provided in the academy itself. The guys at the academy would be crazy not to approach you to incorporate your material into their platform.
Your material answers all the questions I have when doing the lab's when I think of "what if..." and it really helps complete the whole picture. Will probably sign up soon when I have some time and money!
Very comprehensive and insightful. Never had anyone explain SQL injection in such a manner. Was very easy to follow through. Thank you. Great work! Awaiting more content.👍
Thank you so much, amazing work. Actually it's the most up-to-date work, covering everything from a white/grey/black box perspective. Again, thank you! You are awesome :D
I am here after watching the Broken access vulnerability topic with David Bombal. The way of your teaching is outstanding and thanks for sharing such a valuable knowledge.
Reviewing some of these things to fresh up my memory in order to create my own content on the subject (but in italian), and well, excellently explained, thank you very much!
Your teaching methodolgy is really amazing. I have no previous tech experience a complete newbie with some basic knowledge and I completey understand what is being explained. Thank you so much for putting in so much of time and efforts and keep up the good work ma'm.
Thank you so much for your amazing course, your effort and your time! I really like the consistency in the slides format & flow of explanation for each topic and how you organise the playlists for each topic with short and long versions 😊
I've been studying for the GSEC for work, and it's really taken away time from all of my offensive security studying, but I'm finally sitting down for some free time to study and checking out your tutorials. They've all looked great from the handful I've watched while on in the background while working, but I'm looking forward to really digging in and using them to get ready for the Burpsuite Cert after my GSEC test in December. Thanks for all of the hard work!
Ha! Saw my old comment here and figured I'd update. I got the GSEC checked out, and now I'm back learning all of this all over again since I'm studying for the GWAPT. Thanks again for all of the great videos!
This presentation is realy realy useful for beginners or students , it explains every details of the topic and and has example of queries and payloads for real-life stuations . Please keep going to do it for young collegues and students. Thank you for your effort.
Huge fan! Been following you since the days of your medium writeups. Thank you for your content, you have undoubtedly upgraded my infosec career. Keep doing what you are doing. Hope you continue with videos on this subject matter.
I've enjoyed your previous write-ups but this video is sooo stellar!! I've always struggled with getting a good handle on SQLi in the past and mostly just left it up to the automated tools but this guide has given me a much better approach and methodology to apply to injection scenarios. I really appreciate your efforts and look forward to future videos!
Thank you! The next 16 videos cover SQLi hands on exercises. By the end of this module, not only will you be become a pro at exploiting SQLi vulnerabilities manually but you'll also learn how to automate the exploitation in python ;)
@@RanaKhalil101 I started thinking about the flow of a python script for this as you were explaining the boolean-based injection. I'm still a python novice however so appreciate learning new methods. 😁
Thank you Rana for your tutorials. Your explanations are clear and concise and I easily grasp these concepts with ease. I have a question about Boolean-Based Blind SQLi. Is it possible that to optimise the finite brute force of each character, the attacker makes use of binary search to find the character, say instead of (…., 1, 1) = ‘s’, the attacker injects (…., 1, 1) < ‘s’, that’d work right?
Really appreciate your efforts and time you put into making these tutorials , these are really helpful and qualitative .also expecting Such more tutorials based on the course ahead . again thank you for sharing your knowledge you're giving back to the community in the amazing way.🙌
Buenas tardes Rana, te he conocido gracias a un video que realizaste con David Bombal, y me pareció fantástico y tu super simpatica. Soy una persona normal y corriente, y he tenido recientemente una mala experiencia con una empresa realizando trading, bueno ya te puedes imaginar. Jamás pensé que llegara a ser tan incrédulo. Me gusta mucho como te explicas y lo puedo comprender todo hasta ahora. Nunca es tarde para aprender. Voy a ver que tal empiezo con tus tutoriales y si me llenan como hasta ahora, aportaré al canal de la manera que pueda para que sigamos aprendiendo de tus habilidades. Un saludo.
very interesting, as i've been dealing with such a problem myself (was hacked by ransomware on a university server...) what i don't understand is how you loop over a long hash checking every character: this is classical brute force and should take thousands of years... :)
Thanks for the great content. One question for me: could you elaborate on Inferential SQLi please? how there is no communication established with Server-side or any data-transfer but we get response from DB or Web Application?
There is definitely communication with the server-side. What I mentioned in the video, is that there is no direct transfer of data from the database. So unlike Union-based SQLi, I can't simply output the entire hash. Instead, I ask the application true and false questions and based on varying responses in the application, I can infer that the statement that I asked is true or false. Try and solve this lab to learn more about Blind SQLi: portswigger.net/web-security/sql-injection/blind/lab-conditional-responses
I have three questions: 1)Do you recommend Securing DevOps: Security in the Cloud to read or WAHH handbook? Which one is better, any comparison pros cons appreciated. 2) for real world practices, portswigger labs or hackTheBox or hackerone? Pros/Cons? any thoughts 3) for learning hands-on scripting & automation, what do you suggest?
Mam i became fan of your work, please reply to my question, how you are able to manage time in making this many hours of lengthy content with great quality. What is your motivation?❤👍
Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
i don't have money to purchase .
@@bigbrain786 $29 save up.
Is buying the course is intended to support you or there is an additional content added in the paid course.
I don't have money 🥺🥺 so i come here to see
Your video material is actually way better than the instructions provided in the academy itself. The guys at the academy would be crazy not to approach you to incorporate your material into their platform.
your comment made my day!
@@RanaKhalil101 That's great! I'm glad I found your write-ups too. It's just sheer competence right there. Keep up the good work.
@@eonraider GG twitter.com/PortSwigger/status/1366714766895550469?s=19
This
Where have you been all my life? Please continue working on this. This is great!
Yes........ and You comment ( My heart's words).
I am totally new to this world , but your video is good to understand. Thanks
Subhallah! This is what I spend so many months looking for, finally gotten it for free, Thanks alot for the resources.
Your material answers all the questions I have when doing the lab's when I think of "what if..." and it really helps complete the whole picture. Will probably sign up soon when I have some time and money!
I always hate theory but your theory videos are so practical that you can't imagine. It's helping me a lot.
same bro
I also felt that
This was extremely helpful! As someone who was a bit lost in the Web Security Academy this helped fill in the gaps so much. Thank you for this!
Very comprehensive and insightful. Never had anyone explain SQL injection in such a manner. Was very easy to follow through. Thank you. Great work! Awaiting more content.👍
Amazing work, I'm looking forward to the rest of this series!!
Thank you so much, amazing work. Actually it's the most up-to-date work, covering everything from a white/grey/black box perspective. Again, thank you! You are awesome :D
This is first youtube video without dislike i have ever seen. NICE and thank you for the tutorials.
I am here after watching the Broken access vulnerability topic with David Bombal. The way of your teaching is outstanding and thanks for sharing such a valuable knowledge.
You know I have never wrote a single comment in RUclips but your videos make me do it . Thank you so much for your video and please keep it up 👏
Your voice is so soothing. Loved your content. Subscribed
thank you soo much ma'am !!
This video is so important for beginner.Thanks a lot mam for your great initiative.please keep it continuous.
Reviewing some of these things to fresh up my memory in order to create my own content on the subject (but in italian), and well, excellently explained, thank you very much!
These videos are so awesome that I'm watching and taking notes on New Year's Eve, and I'm truly enjoying myself. Thank you! (And happy new year!)
This comment made my day! Happy new year!
MASHALLAH, PROFESSIONAL WAY OF PRESENTATION
Your teaching methodolgy is really amazing. I have no previous tech experience a complete newbie with some basic knowledge and I completey understand what is being explained. Thank you so much for putting in so much of time and efforts and keep up the good work ma'm.
Clear my all doubts,Thnx😊
You are AMAZING! Thank you so much for all the effort and time to bring such an excellent content to the community. You are an inspiration!
thanks for uploading this video I was constantly looking for the resource to study this topic and I finally found this video... it is very helpful
Thank you so much for your amazing course, your effort and your time! I really like the consistency in the slides format & flow of explanation for each topic and how you organise the playlists for each topic with short and long versions 😊
Wow!! Simply awesome! Finally I found a channel which Deep dive into the SQL injection!
I think that you and the company you work for are amazing! Thank you for these vids!🙂
incredibly impressed this is fantastic
with this guide, its easy to understand SQLI , thank u
You're the best! I love your work, and I have learned a lot from you! You deserve a million subs. Tysm😄
Completed the whole video. Going for the next one. Thank you so much for sharing the awesome knowledge ❤️
I've been studying for the GSEC for work, and it's really taken away time from all of my offensive security studying, but I'm finally sitting down for some free time to study and checking out your tutorials. They've all looked great from the handful I've watched while on in the background while working, but I'm looking forward to really digging in and using them to get ready for the Burpsuite Cert after my GSEC test in December.
Thanks for all of the hard work!
Ha! Saw my old comment here and figured I'd update. I got the GSEC checked out, and now I'm back learning all of this all over again since I'm studying for the GWAPT.
Thanks again for all of the great videos!
Love from Pakistan....simple and easy way of teaching...
WOW! Excellent video that clearly explains how we have to think twice (or more) before feeling safe!
I found out about your work on David Bombal's channel. Your channel is fantastic!
Best explanation I would say, simple and straight! Very helpful, thank you!
Your methodology of testing is great. Well done!
This presentation is realy realy useful for beginners or students , it explains every details of the topic and and has example of queries and payloads for real-life stuations . Please keep going to do it for young collegues and students. Thank you for your effort.
Thanks so much, very clear, appreciate all of your hard work behind the scenes
You are doing great job teaching! I wish I could have your determination and attention to detail!
Finest Video On SQL Injection on RUclips ❤
Huge fan! Been following you since the days of your medium writeups. Thank you for your content, you have undoubtedly upgraded my infosec career. Keep doing what you are doing. Hope you continue with videos on this subject matter.
The best instruction on SQL injection!
Mashaallah Sister, I'm proud that I learned from you😊❤
Hey Rana! greetings from Brazil!! Thanks for the great work and content you've been putting up. Looking foward to see your next videos!!!
Thank you for your knowledge. You are paving the way to knowledge for ordinary people
Amazing work. Thanks for providing awesome stuff for free of cost.
This is great. Thanks for doing it. Shared it with my whole team.
Great content given by you for who have not enough money to buy course
I've enjoyed your previous write-ups but this video is sooo stellar!! I've always struggled with getting a good handle on SQLi in the past and mostly just left it up to the automated tools but this guide has given me a much better approach and methodology to apply to injection scenarios. I really appreciate your efforts and look forward to future videos!
Thank you! The next 16 videos cover SQLi hands on exercises. By the end of this module, not only will you be become a pro at exploiting SQLi vulnerabilities manually but you'll also learn how to automate the exploitation in python ;)
@@RanaKhalil101 I started thinking about the flow of a python script for this as you were explaining the boolean-based injection. I'm still a python novice however so appreciate learning new methods. 😁
Thank you Rana for your tutorials. Your explanations are clear and concise and I easily grasp these concepts with ease. I have a question about Boolean-Based Blind SQLi. Is it possible that to optimise the finite brute force of each character, the attacker makes use of binary search to find the character, say instead of (…., 1, 1) = ‘s’, the attacker injects (…., 1, 1) < ‘s’, that’d work right?
Great work! Thank you for doing this. Really means a lot to us beginners❤️ Looking forward to more such informative videos👍
this is NETCLOUTS you are the best teacher i ever have in the world MAY ALLAH grand you with JANNAH
This is the Best Sql explanation on youtube! Keep up the good work👍
Amazing explanation. very clear and right to the point.
Rana, thank you so much for this video! You explain complex topics so simply and clearly! Great!
The great super explanation I deeply loved it and waiting for more series from you.
Assalammualaykum, greetings from Malaysia. There's so much information. Great work! Looking forward next video.
Your voice rhythm made me to watch The way you are teaching was really amazing
Thank you for your hard work .. lots of information packed into this video.
Wow. This is gold. Thank you very much for taking the time to make this incredible material.
Oh my goodness. Thanks so much for your hard work, it was super helpful and your video seems professionally made💙
My new favourite content creator! Thank you so much for this
Concise and straight to the point
Really appreciate your efforts and time you put into making these tutorials , these are really helpful and qualitative .also expecting Such more tutorials based on the course ahead . again thank you for sharing your knowledge you're giving back to the community in the amazing way.🙌
This video is incredibly helpful and insightful. I really look forward to the other videos in this series. Thank you!
Buenas tardes Rana, te he conocido gracias a un video que realizaste con David Bombal, y me pareció fantástico y tu super simpatica. Soy una persona normal y corriente, y he tenido recientemente una mala experiencia con una empresa realizando trading, bueno ya te puedes imaginar. Jamás pensé que llegara a ser tan incrédulo. Me gusta mucho como te explicas y lo puedo comprender todo hasta ahora. Nunca es tarde para aprender. Voy a ver que tal empiezo con tus tutoriales y si me llenan como hasta ahora, aportaré al canal de la manera que pueda para que sigamos aprendiendo de tus habilidades.
Un saludo.
Your work is amazing!! I’m excited for more content
Great content, I learned a lot about sqli. I'm looking forward to learn more from your future videos.
Don't stop ur class is ✨️✨️✨️✨️🥳🥳😘
im glad that i found your channel 1 month ago.. such good content mashallah. keep the contents coming ^_^
Nice tutorial. 👍 I wanna see more tutorials from different topics. 😊
Loved it.. Pls don't stop this series.. ♥
This is amazing. Your video is really easy to understand and I love it! Please continue working on this
Thank you Rana for helping us learn!!! More power to you!
so much information!
will be following with the series
Thanks for sharing the proper content with us. Your voice makes it more attractive to understand 😊👌
wow I can't get enough of your videos, especially this one
Thaaank you so much for your videos Rana and the way you make them and time to create them and everything!! much appreciated ♥♥
Thank you so much.your making this so easy to understand
Thank you, I understand so much better now.
I just wanna say Thank You!. Your videos are awesome.
Nicely explained. Great job Rana... Will be following you in entire series.
I just subscribed. You are very easy to understand and I am excited for more SQL content.
Easy to follow explanation. Great presentation! -:)
Wonderful explanation.... Even kids can understand. Great job.
I like your content. You are great instructor. I like your unique voice too. Thank you so much.
Great work!! Thank you for sharing your knowledge. Looking forward to learning a lot through your channel! :)
very interesting, as i've been dealing with such a problem myself (was hacked by ransomware on a university server...) what i don't understand is how you loop over a long hash checking every character: this is classical brute force and should take thousands of years... :)
The way you explain is 🔥🔥
Amazing way of teaching It was very helpful
Thank you!
really amazing content.
Thanks for the great content.
One question for me: could you elaborate on Inferential SQLi please?
how there is no communication established with Server-side or any data-transfer but we get response from DB or Web Application?
There is definitely communication with the server-side. What I mentioned in the video, is that there is no direct transfer of data from the database. So unlike Union-based SQLi, I can't simply output the entire hash. Instead, I ask the application true and false questions and based on varying responses in the application, I can infer that the statement that I asked is true or false. Try and solve this lab to learn more about Blind SQLi: portswigger.net/web-security/sql-injection/blind/lab-conditional-responses
@@RanaKhalil101 now it makes sense, thanks for the explanation 🍀🙏
I have three questions:
1)Do you recommend Securing DevOps: Security in the Cloud to read or WAHH handbook? Which one is better, any comparison pros cons appreciated.
2) for real world practices, portswigger labs or hackTheBox or hackerone? Pros/Cons? any thoughts
3) for learning hands-on scripting & automation, what do you suggest?
Outstanding information, looking forward to continuing the lectures....Thank you
This was awesome content. Thanks for this one. Soon I will enroll in your course in the website.
wow going to support this channel till the end !!!
Nice job Rana, welldone ! just to ask, are same videos content available as written materials, like in pdf? thanks a bunch.
Thank you for posting just a great and informative video. I hope all your dreams come true.
Mam i became fan of your work, please reply to my question, how you are able to manage time in making this many hours of lengthy content with great quality. What is your motivation?❤👍
What an amzaing content. Your way of explanation is simple yet covers everything. Kudos to youand keep going :)