Penetration Testing Using SQL Injection to Recognize the Vulnerable Point on Web Pages



Web pages vulnerabilities have been exploited since early `90s against user oriented applications such as email, online shopping, and Web banking [1]. Penetration testing is a technique for finding vulnerability or loop holes that exist in web pages which can help for ruling out illegal access to the database.

A penetration testing for web pages vulnerabilities continues to be a significant problem, as more and more user-oriented applications are deployed to the web such as Facebook and Twitter.

A web pages is a process of collection a dynamic scripts, compiled code or both, that resides on a web or application server and potentially interacting with database and other sources of dynamic content.

Web pages are becoming important part of our daily activities. As an important role of web application, the web security is becoming critical. Because of the wide use of web applications, all web vulnerability is observed and exploited by hackers, and through which it can be easily access the database [2]. Many web pages security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection, cross-site scripting (XSS) or weak password [3], [5]. Although
the majority of web vulnerabilities are easy to understand and avoid, many web and database developers are unfortunately not having security awareness, as a result there exist a large number of vulnerable database pages on a web…continue reading…

Download: Penetration testing using sql.pdf (862.9 KB)