Databases are the engines behind the information age, from keeping track of your users to tracking millions of products for online retail websites. Structured Query Language (SQL) is the most common language of databases. Not all databases are developed with security in mind, and some have input validation issues, which makes them the perfect target for an attacker.
- Follow the “Pentester Lab: From SQL injection to Shell,” found in the Course Materials, as a guide.
- Using a GCU-approved virtualization solution and the “SQL Injection to Shell” VM from VulnHub, perform SQL recon and injection.
- Document findings under Phase Testing in the “PEN Testing Report Guidelines,” located in the Course Materials. Refer to the SANS Institute industry-standard “Writing a Penetration Testing Report” for examples of a PEN testing report.
- Append this assignment to the PEN testing report and resubmit the report (Passive Corporate Recon + Automating Information RECON + NMap Scan + Vulnerability Assessment + Applied Exploitation using Metasploit + Custom Payload + Website Vulnerability Assessment + SQL Injection).

