QASource Blog Blog Arrow

SQL Injection and IoT Security Testing: Shieldcast - Winter 2018

Security Testing, Application Security, QA Security, ShieldCast
QASource
QASource | February 14, 2018

Latest Cyber Security News

Latest Cyber Security News
 

IoT Security Testing Services

 

Threat Exposure

SQL Injection

SQL Injection (SQLi) is one of the oldest, most prevalent and most dangerous vulnerability. In this type of injection attack, attacker executes malicious SQL statements through web forms that control a web application’s database server.

SQL Injection

  • Impact

    • Access sensitive data from application database
    • Can insert, update or remove data from database
    • Attacker can execute database administration operation which can lead to shutdown of DBMS
    • Opens access to DBMS file system which can result in sharing of sensitive information
    • In severe cases, it can open access to operating system commands

  • Testing Recommendations

    • Test by inputting special characters like -- (double-hyphen), ; (semicolon), ‘ (single quote), “ (double quote) and other similar characters of special meaning in different flavors of SQL
    • Append universally true expressions like 2>1, at the end of all valid input fields using different expressions coupled with a variety of SQL keywords like AND, OR, UNION etc, to simulate an attack
    • Useful Tools: Sqlmap, SQLi Dumper

Evaluation – Tools and Technologies

BLACKARCH LINUX

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

BlackArch Tools

Features

  • Derived from ArchLinux
  • Can install BlackArch components individually or in groups
  • Offers over 1900 tools organized by category, for security, and forensic
  • Can be used as a standalone live CD or live USB, run from a virtual machine, or be installed to a computer's hard disk

Key Takeaway

AIEngine - AIEngine is the next generation network intrusion detection engine. This interactive packet inspection engine offers features such as DNS domain classification, spam detection, network collector, network forensics, and many others. What’s more interesting about AIEngine is that it has the ability to learn without any human intervention.

Have Suggestions?

Have Suggestions?

We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com

Disclaimer

This publication is for informational purposes only, and nothing contained in it should be considered legal advice. We expressly disclaim any warranty or responsibility for damages arising out of this information and encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.

Related Posts

A Complete Guide to Salesforce QA Testing in 2023

A Complete Guide to Salesforce QA Testing in 2023

Security Testing, Salesforce Testing

Publish Date 07 Mar 2023

Salesforce is, without a doubt, the most popular and recognized customer relationship management (CRM) tool. Due to its system being flexible and supportive of companies across every industry and every size, it requires continuous testing and regular maintenance, and constant upgrades of features in order for the businesses to remain competitive.

Continue Reading
Role of Cyber Security in SaaS

Role of Cyber Security in SaaS

Security Testing, Application Security, Cybersecurity, Cybersecurity Testing, Cybersecurity Services

Publish Date 16 May 2023

With the increasing adoption of SaaS (Software as a Service) platforms, the number of cyber threats and attacks is also rising. SaaS platforms store sensitive and confidential data, making them a prime target for cybercriminals. As a result, it is imperative to ensure the security of SaaS platforms to prevent data breaches, data theft, and unauthorized access. The potential loss of data and its impact on a company's reputation can be catastrophic. Therefore, implementing robust cybersecurity in SaaS is critical to protect SaaS platforms and their users.

Continue Reading
Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain

Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain

Test Strategy & QA Methodologies, QA Security, Software Testing

Publish Date 21 Oct 2020

These days, a news story on a cyberattack is as common as the weather report. To defend against these potential attacks, companies have created products and software applications designed to secure their data. But can these security products and applications provide full protection against these threats?

Continue Reading
Session Management Vulnerability Trends

Session Management Vulnerability Trends

Security Testing, ShieldCast, Web Security, Cyber Security Testing Company

Publish Date 09 Jun 2022
Continue Reading

Is QA Outsourcing Right for Your Company?

Talk to our experts about your company's QA testing needs to determine whether outsourcing is right for you.

Written by QA Experts

QASource Blog, for executives and engineers, shares QA strategies, methodologies, and new ideas to inform and help effectively deliver quality products, websites and applications.