SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
The objective of this lab is to provide expert knowledge on SQL Injection attacks and other responsibilities that include:
Understanding when and how a web application connects to a database server in order to access data
Extracting basic SQL injection flaws and vulnerabilities
Testing web applications for blind SQL injection vulnerabilities
Scanning web servers and analyzing the reports
Securing information in web applications and web servers
A SQL injection attack is performed by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
As an expert ethical hacker, you must use diverse solutions, and prepare statements with bind variables and whitelisting input validation and escaping. Input validation can be used to detect unauthorized input before it is passed to the SQL query.
SQL Injection Exercises
Ethical Hacking Exercises / SQL Injection contains the following Exercises:
- SQL Injection Attacks on MS SQL Database
- Testing for SQL Injection Using IBM Security AppScan Tool
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
Each subscription provides 6 months access to over 75 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- System Hacking
- Trojans and Backdoors
- Viruses and Worms
- Social Engineering
- Denial of Service
- Session Hijacking
- Hacking Webservers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Evading IDS, Firewalls and Honeypots
- Buffer Overflow