Testing for SQL Injection
OWASP
OWASP Web Security Testing Guide 4.2 > 7. Data Validation Testing > 7.5. Testing for SQL Injection
| ID | Link to Hackinglife | Link to OWASP | Description |
|---|---|---|---|
| 7.5 | WSTG-INPV-05 | Testing for SQL Injection | - Identify SQL injection points.<br>- Assess the severity of the injection and the level of access that can be achieved through it. |
SQL injection testing checks whether it is possible to inject data into an application or site so that it executes a user-controlled SQL query against the database. Testers find a SQL injection vulnerability when the application uses user input to build SQL queries without proper input validation.
See my notes:
- SQL injection: What is it. How this attack works. Attack classification. Types of databases. Payloads. Dictionaries.
- NoSQL injection: What is it. Typical payloads.
- Manual attack.