Injection Attacks using WebGoat

CompTIA Security+ (SY601) Domains:
Domain 1.0: Threats, Attacks, and Vulnerabilities

CompTIA Security+ (SY601) Objectives:
Objective 1.3: Given a scenario, analyze potential indicators associated with application attacks

Overview

In this lab, you will use OWASP WebGoat to practice web application attacks such as SQL injection and cross-site scripting.

Outcomes

In this lab, you will learn to:

  1. Use SQL injection to break into a web application
  2. Use cross-site scripting (XSS) to attack a web application

Key terms and descriptions

SQL Injection
SQL injection is a type of attack that exploits a security vulnerability in an application's database layer. A SQL injection attack exploits the dynamic nature of SQL queries to execute unintended commands.
Cross-site scripting (XSS)
Cross-site scripting is a type of computer security vulnerability typically found in web applications. It occurs when an attacker can inject malicious scripts into the target site, causing the browser to execute that script.
Tamper Data tool
The Tamper Data tool is a Firefox add-on that allows you to modify HTTP requests before they are sent. You will learn how to use this tool in this lab.
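
The "dynamic nature of SQL queries" in the SQL injection definition above can be seen in this added example, which is not part of the original lab or of WebGoat. It places a query built by string concatenation beside its parameterized form; the table, the account rows, the function names and the test inputs are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


def lookup_dynamic(conn, username):
    """Vulnerable: the input is concatenated into the SQL text and parsed as SQL."""
    query = "SELECT username FROM accounts WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, username):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    query = "SELECT username FROM accounts WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def compare(conn, username):
    """Report how the dynamic query behaves relative to the parameterized one."""
    expected = lookup_parameterized(conn, username)
    try:
        actual = lookup_dynamic(conn, username)
    except sqlite3.OperationalError:
        # A stray quote broke the statement; such errors in logs are an indicator.
        return "sql-error"
    return "ok" if actual == expected else "altered"


if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a normal name, a name with an apostrophe,
    # and a value whose quote changes the WHERE clause.
    for value in ["alice", "o'brien", "nobody' OR '1'='1"]:
        print(repr(value), "->", compare(conn, value))
```

A result of "sql-error" or "altered" means the input changed how the statement was parsed, which only the concatenated version allows.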