Computers, Programming, Technology, Music, Literature

Sql Injection testing for QA (testers)

This video is for anyone who wants to learn how to test an application for SQL injection. The content and presentation are focused on Quality Assurance personnel who are not penetration testers.

Agenda:
- Context setting
- Quick introduction: GET/POST/PUT/DELETE; XML/SOAP/JSON
- Browser add-ons for easy proxy switching
- Intercepting proxies: Fiddler, OWASP ZAP, Burp Suite, ...
- Fuzzing and identifying vulnerable parameters
- Code review pointers for buddy testing
- Demonstration: Fiddler, ZAP, sqlmap, SQL Inject Me
- First-hand experience with SQLi tools (Vijay/Shashank)
- Feedback

Related Blogs/Videos/Downloads:

Devouring Security – Sql Injection Part 2 | http://vimeo.com/85256464
Devouring Security – Sql Injection Part 1 | http://vimeo.com/83658524

FoxyProxy
Chrome extension (open from the Chrome browser) – https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp?hl=en
Firefox extension (open from Firefox) – https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Fiddler – http://www.telerik.com/download/fiddler
OWASP ZAP – https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
sqlmap – http://sqlmap.org/
ActivePython – http://www.activestate.com/activepython/downloads
Mantra browser – http://www.getmantra.com/download.html

Written by gmaran23

May 9, 2014 at 10:39 pm
