June 2017
Intermediate to advanced
338 pages
8h 28m
English
All joking aside, experienced hackers will write scripts to spider applications for all potential page hosting forms, later visiting each to tinker with them and get some idea as to whether SQLI is possible. Scanning tools are fun and all, but nothing demonstrates how serious an attack is to a customer better than using nothing more than a browser to gain access, escalate privileges, or render sensitive data. As an example, if we wanted to try and coax a page to reveal its query syntax, we might force an error, as shown in following screenshot, in which the database tries to tell us how to correct it:

Read now
Unlock full access