Injection flaws is the number one kind of vulnerability in the OWASP top 10 list from 2013; included, among others, the one that we will test in this recipe: SQL Injection (SQLi).

Most modern web applications implement some kind of database, be it local or remote. SQL is the most popular language. In a SQLi attack, the attacker seeks to abuse the communication between application and database by making the application send altered queries by injecting SQL commands in forms' inputs or any other parameter in the request that is used to build a SQL statement in the server.

In this recipe, we will test the inputs of a web application to see if it is vulnerable to SQL Injection.