
SQL Injection Attacks and Defense, 2nd Edition by Justin Clarke-Salt


Chapter 2

Testing for SQL Injection

Rodrigo Marcos Alvarez

Solutions in this chapter:

• Finding SQL Injection

• Confirming SQL Injection

• Automating SQL Injection Discovery

Introduction

As the presence of SQL injection is commonly tested for remotely (i.e., over the Internet as part of an application penetration test), you usually don’t have the opportunity to look at the source code to review the structure of the query into which you are injecting. This often leads to a need to perform much of your testing through inference—that is, “If I see this, then this is probably happening at the back end.”

This chapter discusses techniques for finding SQL injection issues from the perspective of a user sitting in front of his browser and interacting ...
