Chapter 2. Testing for SQL Injection

Solutions in this chapter:

âª Finding SQL Injection

âª Confirming SQL Injection

âª Automating SQL Injection Discovery

Summary

Solutions Fast Track

Frequently Asked Questions

Introduction

As the presence of SQL injection is commonly tested for remotely (i.e., over the Internet as part of an application penetration test) you usually don't have the opportunity to look at the source code to review the structure of the query into which you are injecting. This often leads to a need to perform much of your testing through inferenceâthat is, âIf I see this, then this is probably happening at the back end.â

This chapter discusses techniques for finding SQL injection issues from the perspective of the user sitting ...

Get SQL Injection Attacks and Defense now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SQL Injection Attacks and Defense by Justin Clarke

Solutions in this chapter:

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly