Tool Tuesday – sqlmap
Is your web application vulnerable to SQL Injection? With sqlmap you can test it.
First things first: A SQL Injection is a vulnerability in a web application that allows SQL commands to be sent to the database because the web application has not implemented appropriate countermeasures. More information can be found at: https://www.owasp.org/index.php/SQL_Injection. If you find evidence of such a vulnerability, you can use sqlmap to accurately verify the vulnerability.
sqlmap is a command-line tool that automates checking for SQL injection and provides a wealth of options. It uses all known techniques to detect SQL injection, such as Boolean-based, time-based, error-based, UNION-based and stacked queries. The aggression with which sqlmap proceeds can also be set to control the impact on network traffic.
If a vulnerability is detected, sqlmap can also be used to exploit it. The tool can detect the database system in use, extract single tables or create a dump of the complete database. In some cases it is also possible to get a shell on the operating system of the database server.
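To make the missing countermeasure and the Boolean-based technique mentioned above concrete, here is an added example (not part of the original post and not sqlmap code). It runs against a constructed in-memory SQLite database; the table and the function names are assumptions made for illustration. It shows why a concatenated query responds differently to a true and a false condition, and why a parameterized query does not.

```python
import sqlite3

def make_db():
    """Constructed sample data: in-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db

def lookup_vulnerable(db, name):
    # Vulnerable: the input is concatenated into the SQL text and parsed as SQL.
    query = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_hardened(db, name):
    # Countermeasure: a bound parameter, so the input is only ever treated as data.
    return db.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def boolean_probe_differs(lookup, db):
    """Boolean-based check: append an always-true and an always-false condition
    to the same value. Differing results mean the input reached the SQL parser."""
    true_case = lookup(db, "alice' AND '1'='1")
    false_case = lookup(db, "alice' AND '1'='2")
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup injectable:", boolean_probe_differs(lookup_vulnerable, db))
    print("hardened lookup injectable:  ", boolean_probe_differs(lookup_hardened, db))
```

The same pair of functions works as a regression test: after switching a query to bound parameters, the probe should report no difference.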
More information can be found at: http://sqlmap.org/
Are you not sure whether SQL Injections are possible in your application? Please feel free to contact us!