Category: Software Topics

SQL Injection Prevention and Mitigation

Structured Query Language (SQL) is an ANSI standard language developed to communicate with a relational database. SQL is used by all major database systems, including MySQL, PostgreSQL, SQL Server, DB2, Oracle, and so on. An Overview of SQL: A Relational Database Management System (RDBMS) is used to manage relational databases, that is, it is a ...

PenTest Edition: SQL Injection Attacks Using Both Burp Suite and Sqlmap

In this tutorial, I'm using Burp Suite to grab cookie information from a user and feed it into an SQL injection attack using sqlmap. To perform this attack, I'm using the Damn Vulnerable Web App (DVWA) as a web site/database that is vulnerable to SQL injection. As a prerequisite, the reader should have at least a basic understanding of ...

PenTest Edition: Go from Beginner to Advanced with nmap

Network Mapper, otherwise known as "nmap," is a powerful open-source program, perfect for conducting reconnaissance and enumeration. Yes, nmap is well-known for this purpose and it's included in every whitehat-to-blackhat's toolbox for that very reason; however, I want to point out that it has many other uses as well. For instance, a network administrator may ...