SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
The objective of this lab is to provide expert knowledge on SQL Injection attacks and other responsibilities that include:
Understanding when and how a web application connects to a database server in order to access data
Extracting basic SQL injection flaws and vulnerabilities
Testing web applications for blind SQL injection vulnerabilities
Scanning web servers and analyzing the reports
Securing information in web applications and web servers
A SQL injection attack is performed by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
As an expert ethical hacker, you must use diverse solutions, and prepare statements with bind variables and whitelisting input validation and escaping. Input validation can be used to detect unauthorized input before it is passed to the SQL query.
SQL Injection Exercises
Ethical Hacking Exercises / SQL Injection contains the following Exercises:
- SQL Injection Attacks on MS SQL Database
- Testing for SQL Injection Using IBM Security AppScan Tool
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
The Exercises in this lab map to the Certified Ethical Hacker V10 Course. Each subscription provides 6 months of access to 107 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Social Engineering
- Denial of Service
- Session Hijacking
- Evading IDS Firewalls and Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing