Question:
I am a software tester with 11 months of experience. I want to explore the security testing area and would like to know more about vulnerability testing, more specifically about SQL injection attacks. Also, guide me as to how this testing can be performed manually.
By: Saran Satyan
Answer:
Vulnerability Testing is a practice area for security professionals. There is no simple or single solution that will work in all cases. One has to go through a structured approach to accomplish this testing. The high-level steps include scoping, information gathering, tool selection, and then performing the scanning. Most of the vulnerabilities require in-depth knowledge of the internals of the web application, like its design and architecture, in addition to the tools and technology used in its build. Manual methods or techniques may not help in identifying most of the vulnerabilities.
As we all know, the SQL query language is used to retrieve data from databases, and a technique to exploit the query language to fetch unintentional data by injecting unexpected input data is referred to as an SQL injection attack. As an example, a typical where clause in a query used to authenticate a user would be like where userid = <user_id> and password = <password>. The user id and password as entered by the user would be substituted in this where clause at run time before execution. Programmers adopt different techniques to dynamically bind the input variables to build the needed where clause. One such simple method of dynamically building the where clause is by concatenating the input data, like "... where userid = " + user_id + " and password = " + password + ";". In this case, for instance, if the user inputs the password with something followed by "or 1=1", then the where clause of the final query will look like where userid = user_id and password = password or 1=1; As we all know, this query when executed will retrieve all the rows in the user table because of the condition or 1=1.
Here is an article worth referring to in order to know more about SQL injection attacks. You may also check out the following links to know more about vulnerability testing:
Web Application Security Testing Cheat Sheet
The world's most advanced Open Source vulnerability scanner and manager
Web application security: Testing for vulnerabilities
Hope you will find this response useful.
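The concatenated where clause described in the answer, next to a parameterized version, as an added example that is not part of the original answer. It uses Python's sqlite3 module with a constructed in-memory users table; the numeric PIN-style passwords, the table layout and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: numeric ids and PIN-style passwords, so the
    # answer's unquoted concatenation is valid SQL (an assumption).
    db = sqlite3.connect(":memory:")
    db.execute("create table users (userid integer, password integer)")
    db.executemany("insert into users values (?, ?)",
                   [(1, 1111), (2, 2222), (3, 3333)])
    return db

def login_concatenated(db, user_id, password):
    # Vulnerable form from the answer: the input becomes part of the SQL text.
    query = ("select userid from users where userid = " + user_id +
             " and password = " + password + ";")
    return [row[0] for row in db.execute(query)]

def login_parameterized(db, user_id, password):
    # Hardened form: the SQL text is fixed and the input is bound as data.
    query = "select userid from users where userid = ? and password = ?;"
    return [row[0] for row in db.execute(query, (user_id, password))]

def check_login(login, db):
    # Manual-test style check: a wrong password must never match any row,
    # with or without the "or 1=1" suffix from the answer.
    results = {
        "valid": login(db, "1", "1111"),
        "wrong": login(db, "1", "9999"),
        "tautology": login(db, "1", "9999 or 1=1"),
    }
    results["safe"] = results["wrong"] == [] and results["tautology"] == []
    return results

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__, check_login(fn, db))
```

With the concatenated query the "tautology" case returns every userid in the table, while the parameterized query treats the same input as a single non-matching value and returns no rows.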