🔥 Challenge: Sharpen Your Skills with SQL Injection Labs!

[ghostinhershell]

Hey GitHub Community! 👋

Last week we learned about GitHub's Bug Bounty Program, what it is and how you can participate: 🔍 Understanding GitHub's Bug Bounty Program: A Guide to Getting Involved.

Not sure if you're ready to jump right in and contribute? Looking for a challenge to help you over the contribution hump? This week’s Bug Bounty Challenge is all about SQL Injection Vulnerabilities (SQLi)—one of the most common and critical web vulnerabilities. Whether you’re just starting out or looking to refine your expertise, this challenge is a great way to test your skills and learn something new!

The Challenge

• ✅ Review the SQL Injection Web Security Academy to understand the fundamentals.
• ✅ Complete at least one SQL Injection lab from PortSwigger’s SQL Injection Labs. Choose from different difficulty levels based on your experience:
  • 🟢 Apprentice – Beginner-friendly, great for learning the basics.
  • 🔵 Practitioner – Intermediate level, introducing more complexity.
  • 🔴 Expert – Advanced challenges for experienced security researchers.
• ✅ Share your results in the comments—what did you learn? Which lab did you complete?

What’s in It for You?

By taking part in this challenge, you’ll gain hands-on experience in identifying and exploiting SQLi vulnerabilities. Plus, participants who successfully complete a lab and share their insights will have a chance to earn a free voucher for the GitHub Advanced Security certification test! 🎉

How to Participate

1. Explore the SQL Injection Web Security Academy.
2. Select and complete at least one SQL Injection Lab from the SQL Injection Labs List.
3. Drop a comment below sharing your experience—what did you learn? Which lab did you complete?

This challenge is a great starting point for beginners and essential knowledge for experienced security researchers. Let’s see what you’ve got—happy hacking! 🔍🚀

[savvycodings]

Finished Cross-Site Scripting. As someone who has been hacking for the past few years, it's been a fundamental backbone of mine. I really should do the certification, xD.

[Josealbet]

La vdd que para mí a sido algo que no enpododi dejar de ASER desde que comencé tuve que aprender poco a poco más creo que ay boybyo en lo personal quise saber más sobre esto y quiero perfecionar algunos o muchos errores que e tenido al momento de ASER esto de código gibhub

[savvycodings]

@ghostinhershell its says i need to write in the next two days any way we can make it later?

[ghostinhershell]

@savvycodings is it asking you to take the test within the next two days? Can you copy the message you're seeing on your end, or send a screenshot, so that I can follow up with the Certifications team?

[savvycodings]

yes please 2 days is a very short limit xD please help

[savvycodings]

@ghostinhershell any update?

[Salgado2004]

Just tried the SQL injection with filter bypass via XML encoding! It was a fun challenge and I'm glad I got to know more about SQL Injection and how it works.

When dealing with GitHub Code Scanning or Fortify, I'm often get frustrated with alerts popping up in points of code I think "It would never happen here", but now I understand that can actually be exploited. Very interesting 🚀

Also, I liked to learn about the Hackvertor tool!

[ghostinhershell]

Hey @Salgado2004, thanks so much for participating!

Great news! You've earned a voucher to take the GitHub Advanced Security Certification exam for free! When you log into the GitHub certification registration site you will see that you have a discount available.

Here is a guide on how to register: Guide to register.pdf. Since you already have a GitHub account, you can skip steps on creating a GitHub handle and joining an organization.

Last, here are some resources that you can use to help you prepare for this exam:

• GHAS Certification Exam Prep: Part One - Getting Started 🔒
• GitHub Advanced Security Learning Path
• GitHub Advanced Security Exam Study Guide

Thanks again for participating and good luck!!!

[Salgado2004]

Hello @ghostinhershell! Thank you very much! It was a pleasure to participate and learn a little bit more 😊

[anurxggg]

Please help, I have a low device phone, I want to develop ai

[ghostinhershell]

Hey there, thanks so much for reaching out in the community @anurxggg! However, this question isn't relevant to the post above. You would probably have more luck, and receive more help, if you posted this question within an appropriate category for the question. For example, the New to GitHub Community (since it looks like you are a new GitHub user) or the Copilot Community.

[KingAJ911]

I need a team to help me develop the program.

[beauclai]

Hi how are u doing guys

[ghostinhershell]

Hi @KingAJ911, we're happy you're here 😀

However, we currently do not allow job listings on the Community Discussions. It is something that we've added to the list to investigate, if we can do so without overwhelming other conversations. Keep checking back as the Community grows and we add more capabilities!

Thanks for your interest 👍

[Shweta4398]

I tried completing almost all the labs for SQL Injection in Portswigger !! The blind sqli one's interesting specifically the time delays ones !! It was fun learning SQL injection and many of union attacks and gathering the data from the Database.

I am on the verge of taking the BSCP ceritification . Hence covering all the topics one by one . It would take time but I must say certification would add too much value !!

Thanks !!

[noob6t5]

I am automating this with entropy and pattern detection . Now the Trouble is with Storage of those result :)