sql-injection-testing

# SQL Injection Testing ## Purpose Execute comprehensive SQL injection vulnerability assessments on web applications to identify database security flaws, demonstrate exploitation techniques, and validate input sanitization mechanisms. This skill enables systematic detection and exploitation of SQL injection vulnerabilities across in-band, blind, and out-of-band attack vectors to assess application security posture. ## Inputs / Prerequisites ### Required Access - Target web application URL with injectable parameters - Burp Suite or equivalent proxy tool for request manipulation - SQLMap installation for automated exploitation - Browser with developer tools enabled ### Technical Requirements - Understanding of SQL query syntax (MySQL, MSSQL, PostgreSQL, Oracle) - Knowledge of HTTP request/response cycle - Familiarity with database schemas and structures - Write permissions for testing reports ### Legal Prerequisites - Written authorization for penetration testing - Defined scope including target URLs and parameters - Emergency contact procedures established - Data handling agreements in place ## Outputs / Deliverables ### Primary Outputs - SQL injection vulnerability report with severity ratings - Extracted database schemas and table structures - Authentication bypass proof-of-concept demonstrations - Remediation recommendations with code examples ### Evidence Artifacts - Screenshots of successful injections - HTTP request/response logs - Database dumps (sanitized) - P...