Test for SQL Injection vulnerability

What are SQL Injection and its types?

When a malicious user exploits an SQL Injection (SQLi) attack vector, they intend to control the web application’s database server using malicious SQL statements. This allows them to bypass authentication controls required to access and retrieve the contents of the database. This usually is initiated by hackers scouting the application firewall for vulnerable user input points. Once identified, the attacker creates input content known as a malicious payload, executing unauthorized SQL injection commands at the back-end database.

Commonly developed SQL injection commands:

• Retrieving user credentials within the database
• Selecting and outputting crucial system data
• Appending or adding new data to a database
• Deleting tables and records from the database
• Using the back-end database server to access the Operating System

SQLi Types:

• In-band SQLi
• Error-based SQLi
• Union-based SQLi
• Blind SQL Injection/Inferential SQLi
• Content-based SQLi
• Time-based SQLi
• Out-of-Band SQLi

What is an SQL injection vulnerability scanner?

We believe that nowadays, it’s essential that every online business have an Automated Vulnerability Scanner, and that’s why we developed one. In addition, solutions such as our SQL Injection online test have been created to keep your web application secure while saving developers time and companies budget.

We offer you a cybersecurity-made easy approach:

• Developers get to save around 100 hours per year due to reduced test setup and remediation help right in the scan report.
• Save on average 40% on your pentesting budget and enable constant security posture transparency while decreasing your exposure.

Note: You must own and have the permissions to set the SQL scanner. The SQLi tool can generate different HTTP Requests that can be considered attacks (even if they are entirely inoffensive) so consider that you need the authorization to run this scanner.

How the SQL Injection scanner works

The SQL Injection scanner uses an engine based on SQLMap with some customization we have made.

It checks for SQLi attacks against SQL databases like MySQL, MsSQL, and PostgreSQL. It is important to mention here that our scanner does not use any harmful SQL queries like Drop Tables.

All discovered exposures are then listed and then classified for prioritization in the findings report.

Why should I test SQL injection vulnerability?

SQL Injection is considered a critical vulnerability that can cause severe consequences for online businesses. The hackers can inject a SQL sequence that allows them to:

• Extract, change, and remove information from the database.
• Read and write files from the disk (only in specific cases).
• Compromise your entire network.

When you test for SQL injection, you are closer to preventing these dangerous attacks that permit hackers to acquire customers’ data such as passwords, credit cards, and email information. The report states the severity of the exposure and provides remediation advice on possible fixes.

Additionally, you can automate the scans and receive the security reports on your schedule, whenever and wherever you prefer (email, Slack, Discord, Microsoft Teams.)

How do I run an SQL injection test?

Set up and start scanning in less than 2 minutes. Remember that the SQL Injection scanner is an invasive one – effectively, our automated testing tool mimics an actual hacking attack and probes your web app for SQLi exposure. We advise running this scanner in a Staging environment not to overload your Production system.

The SQL Injection attack vector check requires time depending on how big the application is, so don’t worry if it takes a bit more than a few minutes. We will notify you once the scan is completed.

Tip: In the Preferences section, you can set which scanners you want to run. By default, you can run them all; you can select only SQL vulnerability scanner or mix it with XSS and CSRF scanners.

SQL Injection Prevention Tips

To prevent SQLi vulnerability exposure, treat all user input as potentially malicious and follow some programming guidelines:

Filter User Input

All user input should be validated first and limited to the needed characters – e.g., username, password, and e-mail address in a registration form. Limit the allowed characters of these input fields to characters that do not interfere with the database. The following example filters out user input for the three values in PHP:

if (preg_match("/[^A-Za-z0-9]/", $username) ||
(preg_match("/[^A-Za-z0-9\!_-]/", $password) ||
(preg_match("/[^A-Za-z0-9_-@]/", $email)) {
echo "Invalid Characters!";
} else {
# Run Database Command}

Database Mappers

Created objects are automatically converted and stored or retrieved from the database. In the example of the user registration form, one could create the user object in the following way:

$user = new User;
$user->username = $request->username;
$user->password = $request->password;
$user->email = $request->email;
$user->save();

The resulting SQL statement is automatically sanitized and will prevent SQL injections.

Sanitize User Input / Prepared Statements

When it is not possible to use a database mapper, use prepared statements to create your SQL queries to validate and sanitize the user-provided values and therefore prevent SQL injections. E.g., in PHP, you can create a prepared statement the following way:

$stmt = $mysqli->prepare("INSERT INTO users(username, password, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $username, $password, $email) # "sss" here states, that three strings are expected.
$username = $request->username;
$password = $request->password;
$email = $request->email;
$stmt->execute();