SQL injection is one of the most dangerous vulnerabilities in a web application. In this video, you will learn what the methods available for detecting it are, and then we will automate the process in Python.
- [Christian] Hi, and welcome to the second video…of Section 6.…In this video, we're going to learn how…to detect SQL injections and how automate this in Python.…In the previous video, we learnt how…an SQL injection vulnerability works.…In this video, we're going to look at…what are the different methods to detect…an SQL injection in a Web application.…Then we'll proceed to automate the detection of these issues…based on one of the methods.…And finally, we'll enumerate the columns used in the query…and also identify valid column names in the table.…
In order to detect SQL injection,…we have three methods available.…Error based.…This method injects payloads that break out of the original…query and generates an SQL error on the server,…which can be detected in the content of the returned pages.…Boolean.…This method injects payloads that alter…the outcome of the original query,…which makes the application return a different page content.…Basically, we identify the size of a valid page…versus the size of an invalid page,…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests