In the previous lab, you learnt to use the WebCruiser tool to scan a website and to build a proof of concept (POC) for a web vulnerability: SQL injection.
Some attackers perform SQL injection attacks based on the error messages received from the server. If the application returns detailed errors, the attacker can determine the entire structure of the database and read any value readable by the account the ASP application uses to connect to SQL Server. However, if the database server only returns an error message complaining that the SQL query's syntax is incorrect, an attacker instead asks the database a series of true-or-false questions through crafted SQL statements in order to steal data.
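Added example, not part of the lab manual or of the N-Stalker tool: a constructed Python/sqlite3 stand-in for the ASP-to-SQL-Server lookup described above. It shows why a concatenated query lets a true-or-false probe change the result and why a verbose error leaks the database's own message, and the parameterised, generic-error form that removes both signals (the table, rows and function names are assumptions for this example).

```python
import sqlite3


def make_db():
    # Constructed in-memory database standing in for the lab target (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_vulnerable(conn, name):
    # String concatenation: the user input becomes part of the SQL text, so a
    # true-or-false condition supplied by the client changes which rows come back.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # Verbose error: the database engine's own message reaches the client,
        # which is exactly the signal error-based injection relies on.
        return "DB error: " + str(exc)


def lookup_hardened(conn, name):
    # Parameterised query: the input is bound as data and never parsed as SQL,
    # so a probe is matched literally against the name column and finds nothing.
    try:
        return [row[0] for row in
                conn.execute("SELECT name FROM users WHERE name = ?", (name,))]
    except sqlite3.Error:
        # Generic error: nothing about the query or the schema is disclosed.
        return "request failed"


if __name__ == "__main__":
    db = make_db()
    for probe in ("alice", "x' OR '1'='1", "x' OR '1'='2", "x'"):
        print(repr(probe), "->", lookup_vulnerable(db, probe), "|", lookup_hardened(db, probe))
```

The vulnerable function answers the true probe with every row, the false probe with none and the malformed probe with an engine error, while the hardened function returns an empty result for all three, which is what removes both the error-based and the true-or-false channel.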
As an expert security professional and penetration tester, you should be familiar with the tips and tricks used in SQL injection detection. You must also be aware of the tools that can be used to detect SQL injection flaws. In this lab, you will learn to use the tool N-Stalker to detect SQL injection vulnerabilities in websites.
The objective of this lab is to help students learn how to test web applications for SQL Injection threats and vulnerabilities.
In this lab, you will learn to:
Perform website scans for vulnerabilities
Analyze scanned results
Fix vulnerabilities in web applications
Generate reports for scanned web applications
In this lab, you have learnt to perform website scans for vulnerabilities and to analyze the scanned results using N-Stalker. Analyze and document the results of the lab exercise, and give your opinion on your target's security posture and exposure.