Course: SQL for Testers
Security testing
- [Instructor] The OWASP Foundation maintains a list of the top 10 web application security risks. This list is known as the OWASP Top 10. And number one on this list is injection. You're probably already well aware of the fact that SQL systems are vulnerable to injection flaws, but how would you go about testing for them? Well, let's take a look at an example of a SQL injection flaw in this application, and see if we can learn anything about testing them. For this example, we're going to use the Shop by Category page, and you can see here in the URL that we have this query parameter. So we've got a question and categoryId equals, and that's what's being used to determine which products to show us. So it queries the categoryId, and where it equals one, it returns us back those products. So in this case, one is men's, and it returns those products for us. So what's happening here is that in the background, this query is getting sent to the SQL server and it's being told here's the…
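The flaw the instructor describes comes from the categoryId query parameter being pasted straight into the SQL text. The following is an added example, not code from the course or from the demo shop it uses; it assumes a products table with a categoryId column and a small constructed data set, and it shows the injectable query-building pattern next to a hardened version (input validation plus a bound parameter), together with the kind of check a tester would write to tell the two apart.

```python
import sqlite3

# Constructed sample rows standing in for the shop's products table (not the course's own schema):
# (id, name, categoryId) with category 1 = men's, 2 = women's, 3 = kids.
PRODUCTS = [
    (1, "Shirt", 1),
    (2, "Jeans", 1),
    (3, "Dress", 2),
    (4, "Toy car", 3),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, categoryId INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def products_by_category_vulnerable(conn, category_id):
    """Injectable: the raw parameter value is concatenated into the SQL text."""
    sql = "SELECT name FROM products WHERE categoryId = " + category_id
    return [row[0] for row in conn.execute(sql)]


def products_by_category_safe(conn, category_id):
    """Hardened: validate the type, then bind the value so it can never become SQL."""
    if not category_id.isdigit():
        raise ValueError("categoryId must be an integer")
    sql = "SELECT name FROM products WHERE categoryId = ?"
    return [row[0] for row in conn.execute(sql, (int(category_id),))]


def injection_check(query_fn, conn):
    """Tester's check: a tampered parameter must not widen the result set.

    Returns True when the query function resists the tampered value
    (either by rejecting it or by returning no more rows than the legitimate
    request), and False when the tampered value changes the query's logic.
    """
    baseline = query_fn(conn, "1")
    try:
        # An always-true condition appended to the parameter value.
        tampered = query_fn(conn, "1 OR 1=1")
    except ValueError:
        return True  # input rejected before reaching the database
    return len(tampered) <= len(baseline)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable resists injection:", injection_check(products_by_category_vulnerable, db))
    print("safe resists injection:", injection_check(products_by_category_safe, db))
```

Run stand-alone, the vulnerable builder reports False (the tampered value returns every product rather than only the men's category) while the safe builder reports True. The same comparison, legitimate response size versus tampered response size, is what a tester applies at the HTTP level to a page like Shop by Category, and it is the detection logic worth turning into a regression test once the parameter handling has been fixed.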