SQL injection

What is it? How does it work? Which applications are vulnerable? How can I check that mine are not?
Here is a collection of useful links for understanding what this technique is and how it works, a technique as widely used as it is, often, underestimated.
Vulnerable WebApps:
GOAT – http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
MOTH – http://www.bonsai-sec.com/en/research/moth.php
Damn Vulnerable Web App – http://www.dvwa.co.uk/
Mutillidae – http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Hackme Bank – http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
Hackme Travel – http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
Hackme Shipping – http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
Hackme Casino – http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
Videos & webcasts:
OWASP Appsec NYC 2008 – http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
Caught in the web series – http://www.coresecurity.com/content/ondemand-caught
Invasion of the browser snatchers series – http://www.coresecurity.com/content/on-demand-snatchers
Advanced SQL injection – http://www.irongeek.com/i.php?page=videos/joe-mccray-advanced-sql-injection
Websec 101 – http://www.foundstone.com/us/websec101.asp
Hackme Bank & Hackme Travel videos – http://www.foundstone.com/us/resources-videos.asp
Tools:
Samurai Web Testing Framework (Live CD which contains most tools needed to perform web assessment) – http://samurai.inguardians.com
Methodologies:
OWASP Testing Guide – http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
Cheat Sheets:
SQL Injection Cheat Sheet – http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
SQL Injection Cheat Sheet – http://michaeldaw.org/sql-injection-cheat-sheet
SQL Injection Cheat Sheet w/ filter evasion – http://ha.ckers.org/sqlinjection/
SQL Injection Cheat Sheets sorted by DB – http://pentestmonkey.net/index.php?option=com_content&task=category&sectionid=9&id=24&Itemid=1
XSS Cheat Sheet w/ filter evasion – http://ha.ckers.org/xss.html
Web App Assessment Cheat Sheet – http://www.secguru.com/files/cheatsheet/webappcheatsheet2.pdf
Books:
Web Application Hacker's Handbook – http://portswigger.net/wahh/
Whitepapers & slides:
OWASP article on Web application penetration testing – http://www.owasp.org/index.php/Web_Application_Penetration_Testing
Advanced SQL injection – http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf
Best of web application penetration testing tools – http://pauldotcom.com/TriplePlay-WebAppPenTestingTools.pdf
Advanced SQL Injection in SQL Server – http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
URL :: owasp.blogspot.com
