Testing for SQL Injection

This chapter discusses techniques for finding SQL injection issues from the perspective of a user sitting in front of a browser and interacting with a Web application. SQL injection can be present in any front-end application that accepts data entry from a system or user and then uses that data to access a database server. In a Web environment, the Web browser is a client acting as a front end: it requests data from the user and sends it to the remote server, which builds SQL queries from the submitted data. The main goal at this stage is to identify anomalies in the server's response and determine whether they are generated by an SQL injection vulnerability. There is one simple rule for identifying SQL injection vulnerabilities: trigger anomalies by sending unexpected data. This rule implies three tasks: identify every data entry point in the Web application, know what kind of request might trigger an anomaly, and detect anomalies in the response from the server.
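The following Python is an added illustration, not code from the chapter, of the situation described above: a server that pastes submitted data into SQL text produces a database error (the anomaly a tester looks for) on input containing a single quote, while the same lookup with a bound parameter handles that input correctly. The in-memory SQLite database, the users table and the sample names are constructed for this example.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the application's user store (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "o'brien")])
    return conn


def lookup_concat(conn, name):
    """Vulnerable pattern: the submitted value becomes part of the SQL text."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Hardened pattern: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT id FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def probe(lookup, name):
    """Send one value through a lookup and classify the server-side outcome.

    Returns ("ok", rows) or ("error", message). A database error caused by
    otherwise legitimate input such as o'brien is the anomaly that points at
    an entry point whose data reaches the query builder unescaped.
    """
    conn = make_db()
    try:
        return ("ok", lookup(conn, name))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("alice", "o'brien"):
        print("concat", repr(value), probe(lookup_concat, value))
        print("param ", repr(value), probe(lookup_param, value))
```

The concatenating version answers "alice" normally but fails on "o'brien", which is exactly the difference in server behaviour that the testing techniques in this chapter set out to detect.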