Chapter 4: Attacking Web, Mobile, and IoT Applications
Here we are at the fun part of our journey: the core of the practical section of this book. So far, we have looked at both the basics and the mechanics of SQL injection, including a glimpse of what a successful SQL injection attack can do. We also provided a safe and controlled environment in which anyone can experience, at their own pace, what a SQL injection attack consists of.
In this chapter, we will deal with SQL injection attacks against traditional web applications, the most common scenario, using both manual and automated techniques and relying on the toolset that we discussed in the previous chapter.
This chapter is split into the following sections:
- Attacking traditional web applications – manual techniques: This section shows SQL injection attacks performed manually against the vulnerable web applications contained in the OWASP Broken Web Applications (BWA) virtual web server. These attacks...