SQLi Vulnerability and Pentesting Steps

In this lab, you will learn how to analyze the SQLi vulnerability discovered in the SQLi Lab. You will learn what is the vulnerability, how it works, and how to control this vulnerability. You will also learn the steps a pen tester might take when testing for an SQLi.

outcomes:

In this lab, you will learn to:

Understand the steps of the pen testing process.
Perform some of the steps of the pen testing process.

Before you start this lab, review these videos.

Analysis of the Vulnerability

Where to Pentest

Altering the Query

Determining the Number of Rows

Determining the Number of Columns

Obtaining System Information

Overview

In this lab we will analyze the vulnerability discovered in SQLi lab, and demonstrate the steps a pentester might take when testing a website for an SQLi vulnerability. The demonstration outlined in this lab will only take you to a certain point, and it will be up to you to proceed from there. Your pentesting assignment will be outlined at the conclusion of this lab.

SQLi Vulnerability and Pentesting Steps

Courses

Pentesting and Understanding Vulnerabilities - Skill Labs

Key terms and descriptions

SQL injection attack

SQL injection attacks are a type of code injection technique that exploits a security vulnerability in an application’s SQL database.

Pen testing

Ethical hackers are white hat hackers that learn and perform hacking ethically in order to become better defenders. Hackers use their expert knowledge of hardware and software to break into systems to uncover vulnerabilities.