SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
Objective
- Understanding when and how a web application connects to a database server in order to access data
- Extracting basic SQL injection flaws and vulnerabilities
- Testing web applications for blind SQL injection vulnerabilities
- Scanning web servers and analyzing the reports
- Securing information in web applications and web servers
Scenario
As an expert ethical hacker, you must use diverse solutions, and prepare statements with bind variables and whitelisting input validation and escaping. Input validation can be used to detect unauthorized input before it is passed to the SQL query.
SQL Injection Exercises
Ethical Hacking Exercises / SQL Injection contains the following Exercises:
- SQL Injection Attacks on MS SQL Database
- Testing for SQL Injection Using IBM Security AppScan Tool
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
The Exercises in this lab map to the Certified Ethical Hacker V10 Course. Each subscription provides 6 months of access to 107 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial of Service
- Session Hijacking
- Evading IDS Firewalls and Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing
- Cryptography