Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
I don't have money to purchase.
@bigbrain786 $29 save up.
Is buying the course intended to support you, or is there additional content added in the paid course?
I don't have money 🥺🥺 so I come here to see
Your video material is actually way better than the instructions provided in the academy itself. The guys at the academy would be crazy not to approach you to incorporate your material into their platform.
your comment made my day!
@RanaKhalil101 That's great! I'm glad I found your write-ups too. It's just sheer competence right there. Keep up the good work.
@eonraider GG twitter.com/PortSwigger/status/1366714766895550469?s=19
This
Where have you been all my life? Please continue working on this. This is great!
Yes........ and You comment ( My heart's words).
Subhallah! This is what I spent so many months looking for, finally got it for free. Thanks a lot for the resources.
Your material answers all the questions I have when doing the lab's when I think of "what if..." and it really helps complete the whole picture. Will probably sign up soon when I have some time and money!
I am totally new to this world, but your video is good to understand. Thanks
Very comprehensive and insightful. Never had anyone explain SQL injection in such a manner. Was very easy to follow through. Thank you. Great work! Awaiting more content.👍
Amazing work, I'm looking forward to the rest of this series!!
Thank you so much, amazing work. Actually it's the most up-to-date work, covering everything from a white/grey/black box perspective. Again, thank you! You are awesome :D
I always hate theory but your theory videos are so practical that you can't imagine. It's helping me a lot.
same bro
I also felt that
These videos are so awesome that I'm watching and taking notes on New Year's Eve, and I'm truly enjoying myself. Thank you! (And happy new year!)
This comment made my day! Happy new year!
Huge fan! Been following you since the days of your medium writeups. Thank you for your content, you have undoubtedly upgraded my infosec career. Keep doing what you are doing. Hope you continue with videos on this subject matter.
I've been studying for the GSEC for work, and it's really taken away time from all of my offensive security studying, but I'm finally sitting down for some free time to study and checking out your tutorials. They've all looked great from the handful I've watched while on in the background while working, but I'm looking forward to really digging in and using them to get ready for the Burpsuite Cert after my GSEC test in December.
Thanks for all of the hard work!
Ha! Saw my old comment here and figured I'd update. I got the GSEC checked out, and now I'm back learning all of this all over again since I'm studying for the GWAPT.
Thanks again for all of the great videos!
I've enjoyed your previous write-ups but this video is sooo stellar!! I've always struggled with getting a good handle on SQLi in the past and mostly just left it up to the automated tools but this guide has given me a much better approach and methodology to apply to injection scenarios. I really appreciate your efforts and look forward to future videos!
Thank you! The next 16 videos cover SQLi hands-on exercises. By the end of this module, not only will you become a pro at exploiting SQLi vulnerabilities manually but you'll also learn how to automate the exploitation in Python ;)
@RanaKhalil101 I started thinking about the flow of a Python script for this as you were explaining the boolean-based injection. I'm still a Python novice, however, so I appreciate learning new methods. 😁
MashAllah sister, you've got a great way of teaching. Gonna finish the playlists in sha Allah❤
You know I have never written a single comment on YouTube but your videos make me do it. Thank you so much for your video and please keep it up 👏
This is the first YouTube video without a dislike I have ever seen. NICE and thank you for the tutorials.
You are AMAZING! Thank you so much for all the effort and time to bring such an excellent content to the community. You are an inspiration!
Hey Rana! Greetings from Brazil!! Thanks for the great work and content you've been putting up. Looking forward to seeing your next videos!!!
You're the best! I love your work, and I have learned a lot from you! You deserve a million subs. Tysm😄
thank you soo much ma'am !!
This was extremely helpful! As someone who was a bit lost in the Web Security Academy this helped fill in the gaps so much. Thank you for this!
Your teaching methodology is really amazing. I have no previous tech experience, a complete newbie with some basic knowledge, and I completely understand what is being explained. Thank you so much for putting in so much time and effort, and keep up the good work, ma'am.
Wow!! Simply awesome! Finally I found a channel which deep dives into SQL injection!
Your voice is so soothing. Loved your content. Subscribed
Thank you so much for your amazing course, your effort and your time! I really like the consistency in the slides format & flow of explanation for each topic and how you organise the playlists for each topic with short and long versions 😊
I am here after watching the Broken access vulnerability topic with David Bombal. The way of your teaching is outstanding and thanks for sharing such a valuable knowledge.
Reviewing some of these things to refresh my memory in order to create my own content on the subject (but in Italian), and well, excellently explained, thank you very much!
This video is so important for beginners. Thanks a lot, ma'am, for your great initiative. Please keep it going.
I found out about your work on David Bombal's channel. Your channel is fantastic!
My new favourite content creator! Thank you so much for this
This video is incredibly helpful and insightful. I really look forward to the other videos in this series. Thank you!
Thanks so much, very clear, appreciate all of your hard work behind the scenes
Assalammualaykum, greetings from Malaysia. There's so much information. Great work! Looking forward to the next video.
Thanks for uploading this video. I was constantly looking for a resource to study this topic and I finally found this video... it is very helpful.
This is great. Thanks for doing it. Shared it with my whole team.
Great work! Thank you for doing this. Really means a lot to us beginners❤️ Looking forward to more such informative videos👍
Completed the whole video. Going for the next one. Thank you so much for sharing the awesome knowledge ❤️
This is the best SQL explanation on YouTube! Keep up the good work👍
I think that you and the company you work for are amazing! Thank you for these vids!🙂
This presentation is really, really useful for beginners or students; it explains every detail of the topic and has examples of queries and payloads for real-life situations. Please keep doing it for young colleagues and students. Thank you for your effort.
Best explanation I would say, simple and straight! Very helpful, thank you!
Really appreciate the effort and time you put into making these tutorials; these are really helpful and qualitative. Also expecting more such tutorials based on the course ahead. Again, thank you for sharing your knowledge; you're giving back to the community in an amazing way. 🙌
Wow. This is gold. Thank you very much for taking the time to make this incredible material.
This is amazing. Your video is really easy to understand and I love it! Please continue working on this
incredibly impressed this is fantastic
Oh my goodness. Thanks so much for your hard work, it was super helpful and your video seems professionally made💙
WOW! Excellent video that clearly explains how we have to think twice (or more) before feeling safe!
I'm glad that I found your channel 1 month ago.. such good content, mashallah. Keep the content coming ^_^
Nicely explained. Great job Rana... Will be following you in entire series.
MASHALLAH, PROFESSIONAL WAY OF PRESENTATION
The great super explanation I deeply loved it and waiting for more series from you.
Well done Rana! Awesome the content.
Maybe you could put the links of the sources in the description? Cheat sheet, web security, etc? :)
Done, thank you for the suggestion!
@RanaKhalil101 you are amazing! 👍
Great content given by you for those who do not have enough money to buy the course
Your methodology of testing is great. Well done!
Your work is amazing!! I’m excited for more content
Amazing work. Thanks for providing awesome stuff for free of cost.
You are doing great job teaching! I wish I could have your determination and attention to detail!
Great content, I learned a lot about SQLi. I'm looking forward to learning more from your future videos.
Rana, thank you so much for this video! You explain complex topics so simply and clearly! Great!
I just subscribed. You are very easy to understand and I am excited for more SQL content.
Good afternoon Rana, I got to know you through a video you made with David Bombal, and I thought it was fantastic and you were super nice. I'm a regular, ordinary person, and I recently had a bad experience with a company doing trading; well, you can imagine. I never thought I would end up being so incredulous. I really like how you explain things, and I can understand everything so far. It's never too late to learn. I'll see how I get on starting with your tutorials, and if they satisfy me as they have so far, I'll contribute to the channel however I can so that we keep learning from your skills.
Regards.
Great work!! Thank you for sharing your knowledge. Looking forward to learning a lot through your channel! :)
really amazing content.
Finest Video On SQL Injection on YouTube ❤
Love from Pakistan....simple and easy way of teaching...
so much information!
will be following with the series
Thank you Rana for helping us learn!!! More power to you!
wow going to support this channel till the end !!!
Thaaank you so much for your videos Rana and the way you make them and time to create them and everything!! much appreciated ♥♥
This was awesome content. Thanks for this one. Soon I will enroll in your course on the website.
What amazing content. Your way of explanation is simple yet covers everything. Kudos to you and keep going :)
Thank you for your knowledge. You are paving the way to knowledge for ordinary people
I just wanna say Thank You!. Your videos are awesome.
Thank you Rana for your tutorials. Your explanations are clear and concise and I easily grasp these concepts with ease. I have a question about Boolean-Based Blind SQLi. Is it possible that to optimise the finite brute force of each character, the attacker makes use of binary search to find the character, say instead of (…., 1, 1) = ‘s’, the attacker injects (…., 1, 1) < ‘s’, that’d work right?
Thank you for your hard work .. lots of information packed into this video.
I liked this video even before starting. I love the givers!! Sply rahana I follow you on Twitter. Thanks for sharing your knowledge. Keep going great! Love your voice too ❤️
Your voice rhythm made me watch. The way you are teaching was really amazing.
Ma'am, I became a fan of your work. Please reply to my question: how are you able to manage time in making this many hours of lengthy content with great quality? What is your motivation?❤👍
Hi Rana,
This is great work, I like your explanation on these topics and the way you present them really sits well with the way I learn.
Thanks for taking the time to put this together, it is really appreciated.
Cheers mate :)
Guys, whenever I try SQL I'm unable to complete it
With this guide, it's easy to understand SQLi, thank you
Loved it.. Pls don't stop this series.. ♥
Thanks for sharing the proper content with us. Your voice makes it more attractive to understand 😊👌
Mashaallah Sister, I'm proud that I learned from you😊❤
Amazing explanation. very clear and right to the point.
Nice tutorial. 👍 I wanna see more tutorials from different topics. 😊
The best instruction on SQL injection!
thank you very much for uploading such wonderful material ✨
Well done, I am really impressed, and a very informative one. Please keep up your good work; expecting more videos.
Cleared all my doubts, thanks 😊
This is NETCLOUTS. You are the best teacher I have ever had in the world. May Allah grant you Jannah.
Nice job Rana, well done! Just to ask, is the same video content available as written material, like in PDF? Thanks a bunch.
wow I can't get enough of your videos, especially this one
Don't stop ur class is ✨️✨️✨️✨️🥳🥳😘
Outstanding information, looking forward to continuing the lectures....Thank you
Thank you for posting just a great and informative video. I hope all your dreams come true.
Thanks for the great content.
One question for me: could you elaborate on Inferential SQLi please?
How is there no communication established with the server side or any data transfer, but we get a response from the DB or web application?
There is definitely communication with the server side. What I mentioned in the video is that there is no direct transfer of data from the database. So unlike Union-based SQLi, I can't simply output the entire hash. Instead, I ask the application true and false questions and, based on varying responses in the application, I can infer that the statement that I asked is true or false. Try and solve this lab to learn more about Blind SQLi: portswigger.net/web-security/sql-injection/blind/lab-conditional-responses
@RanaKhalil101 now it makes sense, thanks for the explanation 🍀🙏
I have three questions:
1) Do you recommend Securing DevOps: Security in the Cloud to read or WAHH handbook? Which one is better? Any comparison of pros and cons appreciated.
2) For real-world practice, PortSwigger labs or HackTheBox or HackerOne? Pros/cons? Any thoughts?
3) For learning hands-on scripting & automation, what do you suggest?
Easy to follow explanation. Great presentation! -:)
Big promoter of your amazing content. Thanks for sharing with the community. 🙏
Thank you so much. You're making this so easy to understand