EC Council CEH 312-50 V11 – Website Hacking – SQL Injection Vulnerabilities part 1
What is SQL? In this lecture and the next few lectures we’re going to be talking about a popular type of vulnerability called SQL injection. Before we start talking about how this occurs and how to exploit it, let’s first learn what SQL is. Now, if you’re doing a pen test on a certain website, chances are this website is a little bit bigger than a small website, so it’s probably using a database. Most websites other than very simple websites use databases. The databases are used…
EC Council CEH 312-50 V11 – Website Hacking – Information Gathering part 2
Discovering Websites On The Same Server: In this lecture, I’d like to highlight a very important note when it comes to website penetration testing. Websites are installed on web servers on normal computers. Like we said before, these normal computers have IP addresses. And using the IP address we can access our target website. Now, in many scenarios, your target website or your target server will contain a large number of websites. So it’ll have the website that you’re looking for that you’re targeting, but it will also contain…
EC Council CEH 312-50 V11 – Website Hacking – Information Gathering part 1
Gathering Basic Information Using Whois Lookup: As usual, the first thing that we do before we start trying to exploit or find any vulnerabilities is information gathering. So we try to gather as much information as possible about the target. And web applications are no different. So we’re going to start by trying to get as much information as we can about the target: the IP address, the domain name info, and the technologies used on the website. So what programming language is used, what kind of server is installed on…
EC Council CEH 312-50 V11 – Website Hacking – File Upload, Code Execution & File Inclusion Vulns part 2
Remote File Inclusion Vulnerabilities – Configuring PHP Settings: Remote file inclusion is a special case of file inclusion vulnerabilities. We’ve seen in the previous video how we were able to include any file on the server and have access to it through local file inclusion vulnerabilities. In today’s video, if the server is configured to allow certain functions called allow_url_include and allow_url_fopen, then we will be able to include any file from any computer into the target website. So we’ll literally be able to inject…
EC Council CEH 312-50 V11 – Website Hacking – File Upload, Code Execution & File Inclusion Vulns part 1
Discovering & Exploiting File Upload Vulnerabilities To Hack Websites: In this lecture we’re going to have a look at file upload vulnerabilities. These are the simplest type of vulnerabilities because they allow us to upload any type of file. So for example, if the target computer can understand PHP, then we can upload any PHP file or a PHP shell and get full control over the target computer. Now if the target or the target server understands Python or any other language, then you can just upload Python code, python…
EC Council CEH 312-50 V11 – Website Hacking – Cross Site Scripting Vulnerabilities
Introduction to Cross Site Scripting? In this lecture and the next few lectures, we’re going to talk about a vulnerability called XSS. XSS is short for cross site scripting. This type of vulnerability allows an attacker to inject JavaScript into a page. So JavaScript is a programming language and using this vulnerability, an attacker would be able to execute code written in JavaScript on a certain page, on a website. JavaScript is a client side language, so when the code is executed, it will be executed on the client,…
DP-203 Data Engineering on Microsoft Azure – Design and Develop Data Processing – Scala, Notebooks and Spark part 5
Spark Pool – Combined Power: In this chapter, I just want to have a review of the combined power that you have in Azure Synapse. So you have your dedicated SQL Pool in which you can host your SQL data warehouses, and you have the Spark Pool in which you can run your data processing workloads. Remember, as part of your dedicated SQL Pool, you have the Control Node. This accepts all of the queries and then it distributes them onto the different compute nodes. And in Spark the same…
DP-203 Data Engineering on Microsoft Azure – Design and Develop Data Processing – Scala, Notebooks and Spark part 4
Lab – Spark Pool – Removing NULL values: Now, in this chapter I want to show you a couple of aspects. So first is the grouping of your data. This is similar to the group by clauses that you have in SQL. And also how do you remove null values. Now, before that, I just wanted to let you know that one of the reasons as to why I have set my session timeout to 30 minutes is because if it is idle for 30 minutes, then your state will…
DP-203 Data Engineering on Microsoft Azure – Design and Develop Data Processing – Scala, Notebooks and Spark part 3
Lab – Spark Pool – Starting out with Notebooks: Now in the last chapter we had gone ahead and created a Spark pool. Now in this chapter and in the subsequent chapters, we’ll see some simple examples when it comes to working with notebooks. And during the day I’ll also explain some of the important concepts when it actually comes to Spark. So here I have some commands in Scala. Now what I’ll do is that in Visual Studio Code, I’ll just go on to extensions, let me search…
DP-203 Data Engineering on Microsoft Azure – Design and Develop Data Processing – Scala, Notebooks and Spark part 2
Scala – List collection: Now in this chapter I just want to briefly go through the list collection which is available. So there are many collections you can actually define in Scala. One is the list collection. So now here when I’m defining a variable, instead of defining a simple variable of an integer or a string or a boolean value, I’m defining it as now a list of integers. So normally when you’re dealing with data, you’re not dealing with just one piece of data, you might be dealing…