The prime objective of Security testing is to find out ways to identify a vulnerability in the system and to ensure that data is protected from hackers. As more and more vital data is stored in web applications,\u00a0proper security testing of web applications is becoming very important. We should do it during test environment.\u00a0To implement security testing approach in our application we can ensure that our application is free to following vulnerabilities.<\/p>\n
Many testers are unaware of how SQL queries can be tampered with and assume that an SQL query is a trusted command.SQL injection is a code injection technique that might destroy your database. A successful SQL injection attack can read sensitive data from the database, modify database data (Insert\/update\/delete), also execute administration operations on the database. The data we input in our application are moved to database queries. If any malicious data would be typed, it would be moved to a database\u00a0query, too. In that case, if SQL Injection is possible, any damage could be done to your system’s data.<\/p>\n
The Following things can be done from SQL Injection:<\/strong><\/p>\n 1.)\u00a0The user could log in to the application as another user, even as an administrator.<\/p>\n 2.) The user could view private information of users like details of other user’s profiles, their transaction details etc.<\/p>\n 3.)\u00a0<\/strong>The user could change application configuration information and the data of the other users.<\/p>\n 4.) The user could modify the database, even delete the database.<\/p>\n 5.)\u00a0The user could take control of the database server.<\/p>\n Since the consequences of allowing the SQL injection technique could be very severe, so we should be tested it during the test environment.<\/p>\n How your website can be checked for any SQL Injection vulnerabilities?<\/strong><\/p>\n It is very simple to find out that your website is SQL\u00a0injection protected or not. To check the vulnerable page for sql injection\u00a0vulnerability add a [ ‘ ] to the URL. \u00a0To check the vulnerable page for sql injection vulnerability add a [ ‘ ] sign. \u00a0If the page is vulnerable to SQLI it will throw My SQL error. As we got vulnerable url,\u00a0we can any tool to check the level of exploitation. So anyone can dump the complete data with available data. Let’s take an example-<\/p>\n It will display like- From Normal query\u00a0MySQL statement will just select everything from customers that has a username equal to John doe<\/i>. \u00a0Whereas, the injection attack will change our query behavior.\u00a0This OR clause of 1 will always be true<\/i> and so every single entry in the “customers” table would be selected by this statement. You can learn more from this link- SQL Injection<\/a><\/p>\n What can be done to Prevent SQL Injection attacks<\/strong>?<\/strong><\/p>\n For preventing SQL injection we should validate and sanitize every data. We can validate the data with (int)<\/strong>.\u00a0Using (int)<\/strong> forces the data to be an integer.<\/p>\n PHP has a specially-made function to prevent these attacks. All you need to do is use this function mysqli_real_escape_string<\/i><\/strong>.<\/p>\n mysqli_real_escape_string<\/i><\/strong>\u00a0take a string that is going to be used in a MySQL query and return the same string with all SQL Injection attempts safely escaped. Basically, it will replace those troublesome quotes(‘) a user might enter with a MySQL-safe substitute, an escaped quote \\’.\u00a0So please do use the\u00a0mysqli_real_escape_string()\u00a0<\/i><\/strong>function to help prevent SQL Injection\u00a0attacks on your websites.<\/p>\n So we can check our application’s code that is it validated\/sanitized or not.<\/p>\n XSS<\/strong> (Cross-Site Scripting) is a widespread vulnerability that affects many web applications.\u00a0XSS<\/b> enables attackers to inject client-side scripts into web pages viewed by other users.\u00a0The XSS<\/strong> scripts injected into a site can leak out sensitive data and information.<\/p>\n\/\/ a user name\r\n$name = \"John doe\"; \r\n$query = \"SELECT * FROM customers WHERE username = '$name'\";\r\necho \"Normal: \" . $query . \"<br \/>\";\r\n\r\n\/\/ user input that uses SQL Injection\r\n$name_bad = \"' OR 1'\"; \r\n\r\n\/\/ our MySQL query builder, however, not a very safe one\r\n$query_bad = \"SELECT * FROM customers WHERE username = '$name_bad'\";\r\n\r\n\/\/ display what the new query will look like, with injection\r\necho \"Injection: \" . $query_bad;\r\n<\/pre>\n
\nNormal: SELECT * FROM customers WHERE username = ‘John doe’
\nInjection: SELECT * FROM customers WHERE username = ” OR 1″<\/p>\nCross Site Scripting:\u00a0<\/strong><\/h2>\n