Thursday 25 December 2014

Performant ways to identify potential SQL injection vulnerabilities in web applications



I [itsec novice] am developing a workflow/application for identifying potential SQL injection vulnerabilities in web applications and would like to get some professional opinions on my approach.


Roughly, my approach is:



  • Step 1: Identifying potential vulnerabilities

  • Step 2: Exploiting/Verifying them via sqlmap


First question (regarding existing tools):


Considering speed, would you recommend using existing applications like sqlmap? It feels like there is much overhead when scanning with sqlmap, but I didn't try out every switch. What do you think? My assumption is that my own application would be faster, but is this true, and is there a rule like "do not roll your own" as there is for encryption?


Second question (regarding vuln identification):


Currently I am thinking of two ways to identify entry points. Both of them are applied to GET and POST parameters, cookies and HTTP header values.



  1. Appending ' to the parameter value (and encoded variants) and checking for SQL errors or differences in the rendered page

  2. Appending a true/false condition (with/without encoding and commenting characters) and checking if the rendered pages differ


Are there any other ways which I should implement or should these two ways identify most vulnerabilities?
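From the defending side, the two probe types described in the question leave a recognisable trace in web-server access logs. The following is an added example (not code from the original post): it parses constructed access-log lines, decodes each query parameter repeatedly so that the encoded variants mentioned above are caught, classifies values as quote, boolean or comment probes, and then reports the response signals the question proposes to watch for (a 5xx after a stray quote, differing page sizes for a true/false pair). The log format, paths and client addresses are assumed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines (not from the original post): client
# 10.0.0.5 walks through the two probe types described in the question.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Dec/2014:10:00:01 +0000] "GET /item?id=42 HTTP/1.1" 200 512
10.0.0.5 - - [25/Dec/2014:10:00:02 +0000] "GET /item?id=42' HTTP/1.1" 500 88
10.0.0.5 - - [25/Dec/2014:10:00:03 +0000] "GET /item?id=42%2527 HTTP/1.1" 500 88
10.0.0.5 - - [25/Dec/2014:10:00:04 +0000] "GET /item?id=42%20AND%201%3D1 HTTP/1.1" 200 512
10.0.0.5 - - [25/Dec/2014:10:00:05 +0000] "GET /item?id=42%20AND%201%3D2--%20 HTTP/1.1" 200 310
10.0.0.9 - - [25/Dec/2014:10:00:06 +0000] "GET /item?id=43 HTTP/1.1" 200 515
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')
PROBES = {  # probe kind -> pattern matched against the fully decoded value
    "quote": re.compile(r"['\"]"),                               # stray quote
    "boolean": re.compile(r"\b(and|or)\s+\S+\s*=\s*\S+", re.I),  # AND 1=1, OR 'a'='a'
    "comment": re.compile(r"--|#|/\*"),                          # trailing-comment trick
}

def classify_value(raw_value: str) -> set:
    """Probe kinds in one value; decode twice so %27 and %2527 are both caught."""
    value = unquote_plus(unquote_plus(raw_value))
    return {kind for kind, rx in PROBES.items() if rx.search(value)}

def scan_log(text: str) -> dict:
    """Group probing requests per (client, path, parameter) together with the
    (status, size) of each response, in log order."""
    findings = defaultdict(lambda: {"kinds": set(), "responses": []})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, status, size = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            kinds = classify_value(value)
            if kinds:
                entry = findings[(client, url.path, name)]
                entry["kinds"] |= kinds
                entry["responses"].append((int(status), int(size)))
    return dict(findings)

def likely_injection_probe(entry: dict) -> bool:
    """Quote probe answered by a 5xx, or a boolean pair whose page sizes differ."""
    statuses = {s for s, _ in entry["responses"]}
    sizes = {n for _, n in entry["responses"]}
    return (("quote" in entry["kinds"] and any(s >= 500 for s in statuses))
            or ("boolean" in entry["kinds"] and len(sizes) > 1))
```

Running `scan_log(SAMPLE_LOG)` groups the four probing requests from 10.0.0.5 under one parameter, and `likely_injection_probe` flags that group because the quote produced a 500 and the 1=1 / 1=2 pair returned pages of different size.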




