Link Details

Link 772643 thumbnail
User 355617 avatar

By piccoloprincipe
via resources.infosecinstitute.com
Published: Apr 06 2012 / 10:36

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the unique inputs vectors ever. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and which vulnerability scanners to use in order to avoid leaving vulnerabilities undiscovered in parts of the application?
  • 7
  • 0
  • 743
  • 656

Add your comment


Html tags not supported. Reply is editable for 5 minutes. Use [code lang="java|ruby|sql|css|xml"][/code] to post code snippets.

Voters For This Link (7)



Voters Against This Link (0)



    Java Performance Optimization
    Written by: Pierre-Hugues Charbonneau
    Featured Refcardz: Top Refcardz:
    1. Design Patterns
    2. OO JS
    3. Cont. Delivery
    4. Java EE7
    5. HTML5 Mobile
    1. Node.js
    2. Debugging JavaScript
    3. OO JS
    4. JSON
    5. Ajax