This week's readings concentrated on Burp Suite and injection attacks. Injection attacks have dominated the top of web application vulnerability lists for much of the past decade. XSS remains the most prevalent vulnerability, while SQL injection is the most often exploited of these vulnerabilities. Malicious users prefer injection attacks as a way to obtain restricted data from a back-end database or to embed malicious code on a web server, which will in turn serve malware to unsuspecting clients.
Questions for the class:
What is an example of a SQLi? That is, what input would the attacker put in the URL to try a SQLi?