A SQL injection test for SQL Server is conducted to determine whether data can be injected through the front-end web application and then used to access the database.
We send unexpected data to the server and analyze its response to detect anomalies and determine whether they are caused by a SQL injection vulnerability. Such a vulnerability can allow an unauthorized user to access or manipulate data in the database.
We crawl the website to manually identify all parts of the web application that accept data from the user. This includes:
We use HTTP GET requests to manipulate the URL parameters and send requests to the server. A typical example is the search function, where a user submits a search query and the web application needs to talk to the database to extract the relevant information.
Another example can be an E-Commerce site where products and their features are stored in the database.
We use HTTP POST requests to modify the data and send it to the server. Primary examples are the authentication forms like login or contact forms, where user credentials are checked in a database for authentication.
We also test cookies and other HTTP headers like Host, Referer and User-Agent for potential injection vulnerabilities, as some web applications store them in the database.
UNION query based.
Blind boolean based.
Blind time based.
We will first test all input fields manually to identify the injection points and manipulate the queries to generate an error, so that we understand precisely which parameters are vulnerable.
If the back-end database fails to execute a query and displays a typical SQL Server error or a custom error, then it is possible that the application is vulnerable to SQL injection.
In some cases we will send valid queries with various boolean logic statements to trigger and manually analyze different responses from the web server.
In other scenarios, when the web application is not showing any errors, we will send automated time delays to the database and check whether the response from the server has also been delayed, to confirm the existence of SQL injection.
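The following added example (not part of the original page) shows why a stored header such as User-Agent is an injection point and what the error anomaly described above looks like from the application side, with the weak query construction beside the corrected one. It assumes Python's built-in sqlite3 as a stand-in for SQL Server so that it runs offline; the table, function names and sample header value are hypothetical.

```python
import sqlite3

# Assumption: sqlite3 stands in for SQL Server; all names here are hypothetical.
# Constructed sample header: an ordinary value that happens to contain an apostrophe.
SAMPLE_UA = "Mozilla/5.0 (O'Neil test build)"


def make_db():
    """Create an in-memory table like one an application might use to log visits."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (path TEXT, user_agent TEXT)")
    return db


def log_visit_concatenated(db, path, user_agent):
    """Weak form: the header value is pasted into the SQL text itself."""
    sql = "INSERT INTO visits (path, user_agent) VALUES ('%s', '%s')" % (path, user_agent)
    db.execute(sql)


def log_visit_parameterized(db, path, user_agent):
    """Corrected form: the header value is bound as data, never parsed as SQL."""
    db.execute("INSERT INTO visits (path, user_agent) VALUES (?, ?)", (path, user_agent))


def probe(log_fn, user_agent):
    """Log one visit and report what a tester would observe.

    Returns ("error", message) when the database rejects the statement,
    otherwise ("stored", value) with the value read back from the table.
    """
    db = make_db()
    try:
        log_fn(db, "/search", user_agent)
    except sqlite3.Error as exc:
        return ("error", str(exc))
    row = db.execute("SELECT user_agent FROM visits").fetchone()
    return ("stored", row[0])


if __name__ == "__main__":
    for fn in (log_visit_concatenated, log_visit_parameterized):
        print(fn.__name__, "->", probe(fn, SAMPLE_UA))
```

The concatenated form fails on the apostrophe because the header value changed the structure of the statement, which is the anomaly the manual error test looks for; the parameterized form stores the same value unchanged.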
We would not like to send you a report that says we could not find any vulnerabilities. Regardless of how well you might have patched things, there is always something, and we would like to find it through comprehensive testing, which can take time.
Depending on the size of the website, it can take days, and then we also need time to prepare a detailed report.
The report will be thorough and include the details of our findings and all the tests conducted. We will try our best to keep it simple for your understanding.
Based on our findings from these extensive tests, we will provide recommendations in the report on how to patch the security vulnerabilities.