Attacking traditional web applications – automated techniques
As we mentioned earlier, besides exploiting SQL injection with manual attack techniques, it's possible to use specific software that handles some of the tasks involved in SQL injection attacks and produces useful results in a timely manner. These tools are used by attackers and security professionals alike, as they optimize operations and save a lot of time by simplifying the tasks we need to perform.
First, we will go through what Zed Attack Proxy (ZAP), the attack proxy by OWASP, can do in terms of SQL injection.
OWASP ZAP for SQL injection
OWASP ZAP is a versatile tool that consists of an attack proxy—a piece of software that is used to intercept traffic in order to monitor it or modify it before it's sent to an application—with other functionalities that help to automate the process. In this sense, through automation, this tool can...