{"id":19877,"date":"2021-02-03T00:36:52","date_gmt":"2021-02-02T19:06:52","guid":{"rendered":"https:\/\/valeurbit.com\/blog\/?p=19877"},"modified":"2021-02-12T18:13:47","modified_gmt":"2021-02-12T12:43:47","slug":"how-to-find-and-protect-against-sql-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/","title":{"rendered":"How To Find And Protect Against SQL Injection Vulnerability?"},"content":{"rendered":"\n<p>SQL injection is an old technique in which a hacker executes malicious SQL statements to hijack a website.&nbsp;This vulnerability is considered to be of high severity, and the latest report from Acunetix shows that 23% of the scanned targets were vulnerable to it.<\/p>\n\n\n\n<p>Since SQL (Structured Query Language) databases sit behind many web platforms (PHP, WordPress, Joomla, etc.), the attack can target a large number of websites.<\/p>\n\n\n\n<p><strong>Note.<\/strong>&nbsp;Performing SQL injection tests consumes a lot of network bandwidth and sends a lot of data.&nbsp;So, make sure you own the site you are testing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. suip.biz<\/h2>\n\n\n\n<p><a href=\"https:\/\/suip.biz\/?act=sqlmap\" target=\"_blank\" rel=\"noreferrer noopener\">suIP.biz<\/a>&nbsp;supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, IBM DB2, Firebird, Sybase, etc.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/02\/08\/4bd28864af2ff43cd2c3de3e35f0fd96.jpg\" alt=\"sqlmap\"\/><\/figure>\n\n\n\n<p>SQLMap is included, so it will test all six injection techniques.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. SQL Injection Test Online<\/h2>\n\n\n\n<p>Another online tool, from&nbsp;<a href=\"https:\/\/hackertarget.com\/sql-injection-test-online\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hacker Target<\/a>, is based on SQLMap and tests for SQL injection vulnerabilities in HTTP GET requests.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Vega<\/h2>\n\n\n\n<p><a href=\"https:\/\/subgraph.com\/vega\/\" target=\"_blank\" rel=\"noreferrer noopener\">Vega<\/a>&nbsp;is a free, open-source security scanner that is available on Linux, OS X and Windows.<\/p>\n\n\n\n<p>Vega is written in Java and has a graphical interface.<\/p>\n\n\n\n<p>Besides SQLi, you can use Vega to test for many other vulnerabilities, such as:<\/p>\n\n\n\n<ul><li>XML \/ Shell \/ URL injection<\/li><li>Directory listing<\/li><li>Remote file inclusion<\/li><li>XSS<\/li><li>And much more\u2026<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">4. SQLMap<\/h2>\n\n\n\n<p><a href=\"http:\/\/sqlmap.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">SQLMap<\/a>&nbsp;is one of the most popular open-source tools for detecting and&nbsp;<a href=\"http:\/\/sqlmap.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">exploiting<\/a>&nbsp;SQL injection flaws against relational database management systems.<\/p>\n\n\n\n<p>SQLMap can enumerate password hashes, roles, databases, tables and columns, and supports fully dumping database tables.<\/p>\n\n\n\n<p>If you are using&nbsp;<a href=\"https:\/\/itgap.ru\/post\/kak-ustanovit-kali-linux-na-fleshku\" target=\"_blank\" rel=\"noreferrer noopener\">Kali Linux<\/a>, SQLMap comes preinstalled, so you can use it without installing it yourself.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5. SQL Injection Scanner<\/h2>\n\n\n\n<p>An online scanner&nbsp;<a href=\"https:\/\/pentest-tools.com\/website-vulnerability-scanning\/sql-injection-scanner-online\" target=\"_blank\" rel=\"noreferrer noopener\">from Pentest-Tools<\/a>&nbsp;built on OWASP ZAP.&nbsp;There are two options: light (free) and full (registration required).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">6. Acunetix<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.acunetix.com\/vulnerability-scanner\/sql-injection-scanner\/\" target=\"_blank\" rel=\"noreferrer noopener\">Acunetix<\/a>&nbsp;is an enterprise vulnerability scanner trusted by over 4,000 brands worldwide.&nbsp;Acunetix can detect not only SQLi but over 6,000 other vulnerabilities.<\/p>\n\n\n\n<p>Each finding is categorized and comes with possible fixes, so you know what to do about it.&nbsp;In addition, you can integrate it with your CI\/CD system and SDLC, so every security risk is identified and corrected before the application is deployed to production.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What&#8217;s next?<\/h2>\n\n\n\n<p>The above tools will test your site and report whether it has an SQL injection vulnerability.&nbsp;If you are wondering&nbsp;<strong>how to protect your site from SQL injection<\/strong>, the following will give you an idea.<\/p>\n\n\n\n<p>A poorly coded web application is usually the root cause of SQL injection, so fixing the vulnerable code (typically by using parameterized queries instead of building SQL strings from user input) is the primary remedy.&nbsp;As an additional layer of defense, you can also deploy a WAF (Web Application Firewall); it complements, but does not replace, fixing the code.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SQL injection is an old technique in which a hacker executes malicious SQL statements to hijack a website.&nbsp;This vulnerability is considered to be of high severity, and the latest report from Acunetix shows that 23% of the scanned targets were vulnerable to it. 
Since SQL Database (Structured Query Language) is supported by many web platforms&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How To Find And Protect Against SQL Injection Vulnerability? | ValeurBit Infosec<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Find And Protect Against SQL Injection Vulnerability? | ValeurBit Infosec\" \/>\n<meta property=\"og:description\" content=\"SQL injection is an old technique in which a hacker executes malicious SQL statements to hijack a website.&nbsp;This vulnerability is considered to be of high severity, and the latest report from Acunetix shows that 23% of the scanned target was vulnerable to it. 
Since SQL Database (Structured Query Language) is supported by many web platforms...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"ValeurBit Infosec\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/valeurbitinfo\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-02T19:06:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-12T12:43:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/02\/08\/4bd28864af2ff43cd2c3de3e35f0fd96.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@valeurbit\" \/>\n<meta name=\"twitter:site\" content=\"@valeurbit\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#organization\",\"name\":\"Valeurbit Infosec\",\"url\":\"https:\/\/valeurbit.com\/blog\/\",\"sameAs\":[\"https:\/\/www.facebook.com\/valeurbitinfo\/\",\"https:\/\/www.instagram.com\/valeurbit\",\"https:\/\/www.linkedin.com\/company\/valeurbit-infosec\/\",\"https:\/\/twitter.com\/valeurbit\"],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/valeurbit.com\/blog\/wp-content\/uploads\/2021\/02\/Valeurbit-new-logo-center.png\",\"contentUrl\":\"https:\/\/valeurbit.com\/blog\/wp-content\/uploads\/2021\/02\/Valeurbit-new-logo-center.png\",\"width\":1080,\"height\":512,\"caption\":\"Valeurbit 
Infosec\"},\"image\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#website\",\"url\":\"https:\/\/valeurbit.com\/blog\/\",\"name\":\"ValeurBit Infosec\",\"description\":\"Cyber Security Company\",\"publisher\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/valeurbit.com\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/02\/08\/4bd28864af2ff43cd2c3de3e35f0fd96.jpg\",\"contentUrl\":\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/02\/08\/4bd28864af2ff43cd2c3de3e35f0fd96.jpg\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#webpage\",\"url\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/\",\"name\":\"How To Find And Protect Against SQL Injection Vulnerability? 
| ValeurBit Infosec\",\"isPartOf\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#primaryimage\"},\"datePublished\":\"2021-02-02T19:06:52+00:00\",\"dateModified\":\"2021-02-12T12:43:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/valeurbit.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Find And Protect Against SQL Injection Vulnerability?\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#webpage\"},\"author\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#\/schema\/person\/df20c1cd317765fa8677a3056caeccfa\"},\"headline\":\"How To Find And Protect Against SQL Injection 
Vulnerability?\",\"datePublished\":\"2021-02-02T19:06:52+00:00\",\"dateModified\":\"2021-02-12T12:43:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#webpage\"},\"wordCount\":440,\"publisher\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-find-and-protect-against-sql-injection-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/02\/08\/4bd28864af2ff43cd2c3de3e35f0fd96.jpg\",\"articleSection\":[\"Valeurbit\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#\/schema\/person\/df20c1cd317765fa8677a3056caeccfa\",\"name\":\"ValeurBit\",\"sameAs\":[\"https:\/\/valeurbit.com\/blog\"],\"url\":\"https:\/\/valeurbit.com\/blog\/author\/valeurbit\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/posts\/19877"}],"collection":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/comments?post=19877"}],"version-history":[{"count":0,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/posts\/19877\/revisions"}],"wp:attachment":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/media?parent=19877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/categories?post=19877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/tags?post=19877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}