Goal:
Check if any URL parameters are vulnerable to SQL injection (SQLi).
Steps:
Look for URLs with query parameters, like:
https://www.drishya.fun/api/projects?id=1
Run this command in your terminal:
sqlmap -u "https://www.drishya.fun/api/projects?id=1" --batch --dbs
If SQLi is detected, you can explore deeper using:
--tables (View table names)
--dump (Extract data)
What to Watch For:
Errors indicating database response
SQLmap discovering database names
Unauthorized access to data
Important:
Only test SQLi on domains you own or have permission to audit.
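
The handler-side view of what this check exercises, as an added example that is not part of the course material: a hypothetical lookup behind the `id` parameter, written once with string concatenation and once with validation plus a bound parameter. The table, the function names and the SQLite backend are assumptions for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory data standing in for the site's project store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE projects (id INTEGER PRIMARY KEY, title TEXT, is_public INTEGER)")
    db.executemany("INSERT INTO projects VALUES (?, ?, ?)",
                   [(1, "Portfolio site", 1), (2, "Draft case study", 0)])
    return db

def get_project_vulnerable(db, raw_id):
    # Anti-pattern: the raw URL parameter is pasted into the statement,
    # so SQL syntax inside `id` is parsed as part of the query.
    sql = f"SELECT id, title FROM projects WHERE is_public = 1 AND id = {raw_id}"
    return db.execute(sql).fetchall()

def get_project_hardened(db, raw_id):
    # 1) Validate: `id` must be a plain ASCII non-negative integer.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    # 2) Bind: the value travels separately from the SQL text.
    sql = "SELECT id, title FROM projects WHERE is_public = 1 AND id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def probe(handler, db, raw_id):
    """Classify the handler's reaction the way a tester reads a response."""
    try:
        return f"rows={len(handler(db, raw_id))}"
    except sqlite3.Error:
        return "db-error"   # a database error reaching the client
    except ValueError:
        return "rejected"   # input refused before any SQL ran

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal id, a stray quote, a boolean condition.
    for raw in ("1", "1'", "1 OR 1=1"):
        print(repr(raw),
              "vulnerable:", probe(get_project_vulnerable, db, raw),
              "| hardened:", probe(get_project_hardened, db, raw))
```

With the concatenated query, the stray quote produces a database error and the boolean condition returns the non-public row as well; with the hardened handler both inputs are rejected before reaching the database.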

Hack me if you can! Your portfolio is no longer just a showcase of your achievements — it is now an active target. Every professional Web application backed by a database of users is a potential entry point for attackers, and the developers who succeed are those who can defend, monitor, and continuously harden their systems.

Digital Twin III challenges you to transform your personal portfolio into a cyber-secured, intelligence-driven digital asset — one that not only looks impressive, but proves its resilience under real-world conditions. This is where your skills move beyond basic deployment. You will implement a secure content management system, protect private user data, integrate defensive controls like WAF and firewalls, and design visible countermeasures against threats such as:
* SQL injection
* Prompt injection
* Authentication/authorization failures
* Broken access control
* Malicious payloads
* Automated bot attacks

Your portfolio becomes a live cyber lab — built to be tested, attacked, and improved through real telemetry. You will upload evidence of each security layer: logs, attack statistics, CVSS scoring, risk reports, penetration test results, remediation notes, and resilience patterns. Your Digital Twin doesn’t claim to be secure — it demonstrates it.

By the end of this course, your public website will:
* Host your professional identity & project content
* Detect and block real cyber threats in real-time
* Analyse attacker behaviours
* Communicate your cyber maturity to employers
* Show your ability to manage security as a lifecycle — not a checkbox

This is your opportunity to build something professionally defensible — a deployable, auditable case study that proves you understand the realities of modern cyber security. Welcome to Digital Twin III — the version of you that cannot be exploited.

Digital Twin II is a hands-on, full-stack AI engineering project focused on turning you into a web-accessible and voice-accessible AI persona. The goal is to build a fully functional chat- or voice-enabled Digital Twin that lives on the web and can autonomously communicate with visitors — particularly recruiters, hiring managers, and potential collaborators — while reflecting your personality, skills, and professional brand.

You will build a production-style application that:
• Has a real frontend and user experience
• Stores and tracks conversations and leads
• Handles scheduling and CTAs (Call-To-Action actions)
• Optionally supports phone calls and voice-driven interactions

This course is specifically designed for developers who already possess:
✔ Modern web development knowledge (React, Next.js, TypeScript)
✔ Experience with CRUD, authentication, and full-stack workflows
✔ Understanding of spec-driven development and GitHub workflows
✔ Familiarity with agentic coding tools (Copilot, Claude Opus 4.5+)

If Digital Twin I defined the intelligence, Digital Twin II defines the presence.

This course centres on a live industry project where you design and deploy a "Digital Twin"—a personal AI agent capable of autonomously representing its creator in professional job interviews. By leveraging Retrieval-Augmented Generation (RAG) and the Model Context Protocol (MCP), you will build a system that can semantically search its own professional history to provide factual, context-aware answers to recruiters and hiring managers.

You will move from theory to application by mastering the following technical domains:
• RAG Architecture: Implementing semantic search using vector databases to ground AI responses in factual studies and professional experiences.
• MCP Server Development: Building Model Context Protocol servers (using Next.js/TypeScript) to integrate local data with AI agents.
• Data Pipeline Engineering: Annotating, enriching, and embedding professional profiles (JSON) into vector storage.
• AI-Powered Workflow: Utilising VS Code Insiders and GitHub Copilot to drive development and simulate agentic behaviours.
• Team Collaboration: Managing a software lifecycle using GitHub for version control (Pull Requests, branches) and ClickUp for project management