SQL Testing

by Ivan C
A SQL injection is the insertion of SQL code into a query by way of the input data a client sends to the application. SQL injections fall into three classes: in-band, out-of-band, and inferential. The purpose of an injection is to retrieve sensitive data from databases, to modify data (inserting, updating, or deleting rows), to recover content from database files, and so on. Each type of injection gathers data in a different way.

  • In-band: data is extracted using the same channel that is used to inject the SQL code. This is the most straightforward kind of attack, in which the retrieved data is presented directly in the application web page.
  • Out-of-band: data is retrieved using a different channel (e.g., an email with the results of the query is generated and sent to the tester).
  • Inferential: there is no actual transfer of data, but the tester is able to reconstruct the information by sending particular requests and observing the resulting behavior of the DB Server. (OWASP, 2011)

Regardless of the type of injection, each one requires a syntactically correct SQL query. Another form of testing is called Blind SQL Injection. In this form the application does not show the outcome of the operation directly; the test works by submitting boolean queries, then observing and decoding the application's responses. Another type of injection is Union Query SQL Injection, in which the injected query is joined to the original one with a UNION (OWASP, 2011). With this type of injection the tester can obtain values of fields from other tables.
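To make the distinction between a query that accepts injected SQL and one that does not concrete, here is an added example that is not part of the original post or the OWASP guide. It uses Python's built-in sqlite3 module with a constructed in-memory users table (the table, the row and the probe input are all assumptions made for the example). The vulnerable login builds its SQL by string concatenation, so a boolean-style input of the kind the post mentions changes the meaning of the WHERE clause; the parameterized login passes the same input as data and is unaffected.

```python
import sqlite3


def make_db():
    # Constructed sample database for the example: one user row, in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Builds the query text from client input, so the input becomes part of the SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Uses placeholders: the driver binds the input as values, never as SQL syntax.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo():
    # Returns the outcome of each login function for a valid credential pair and
    # for a constructed boolean probe (a tautology appended to the password field).
    conn = make_db()
    good = ("alice", "correct horse")
    probe = ("alice", "x' OR '1'='1")
    return {
        "vulnerable_good": login_vulnerable(conn, *good),
        "vulnerable_probe": login_vulnerable(conn, *probe),
        "parameterized_good": login_parameterized(conn, *good),
        "parameterized_probe": login_parameterized(conn, *probe),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In the vulnerable function the probe turns the WHERE clause into `(username = 'alice' AND password = 'x') OR '1'='1'`, which is true for every row, so the login succeeds without the password; this is the in-band case, where the effect of the injected SQL is visible directly in the response. The parameterized function compares the literal string `x' OR '1'='1` against the stored password and correctly returns False, which is the prevention technique the OWASP page recommends.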

Overall this article introduced SQL Injections to me. I was able to learn the different types of injections that there are and how to prevent them. I disliked that I did not understand all of the terminology in this article, but it did show examples of queries for each injection. I hope I can familiarize myself with this subject more in my spare time and in class.

Works Cited

OWASP. (2011). Testing for SQL Injection (OWASP-DV-005). Retrieved November 3, 2011, from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OWASP-DV-005)