Log into DVWA, go to SQL Injection, and check that the security level is low:
- As in previous recipes, let's test the normal behavior of the application by introducing a number. Set User ID as 1 and click Submit. By looking at the result, we can say that the application queried a database to see whether there is a user with an ID equal to one and returned the ID, name, and surname of that user.
- Next, we must test what happens if we send something that the application does not expect. Introduce 1' in the textbox and submit that ID. As shown in the following screenshot, the application should respond with an error:
This error ...