
Friday, July 14, 2017

viSQL - Scan SQL vulnerability on Target Sites and Server on Kali Linux 2017 By SSTec Tutorials




What Is The SQL Injection Vulnerability & How To Prevent It?

SQL injection is a code injection technique, used to attack data-driven applications,
in which nefarious SQL statements are inserted into an entry field for execution
(e.g. to dump the database contents to the attacker).

In the early days of the Internet, building websites was very simple: no JavaScript, no CSS and a few pictures.
But as the web grew more popular, the need for more advanced technology and dynamic websites arose.
This led to the development of CGI and server-side scripting languages like ASP, JSP and PHP.
Databases were needed in order to store user input and site content.
It is therefore no surprise that every big server-side scripting language added support for SQL databases in its early versions.
However, as with almost every technical improvement, new attack vectors were found.
One of the most dangerous issues in terms of data confidentiality and integrity in web applications is a vulnerability called SQL injection.
This article explains what a SQL injection is and how attackers can exploit it.
If you'd like to learn more about the vulnerability's history, read

More :-  https://www.netsparker.com/blog/web-s...

SQLI PREVENTION AND MITIGATION:

There are several effective ways to prevent SQLI attacks from taking place, as well as protecting against them should they occur.
The first step is input validation (a.k.a. sanitization), which is the practice of writing code that can identify illegitimate user inputs.
While input validation should always be considered best practice, it is rarely a foolproof solution.
The reality is that, in most cases, it is simply not feasible to map out all legal and illegal inputs, at least not without causing a large amount of false positives,
which interfere with user experience and an application's functionality.
For this reason, a web application firewall (WAF) is commonly employed to filter out SQLI, as well as other online threats.
To do so, a WAF typically relies on a large, and constantly updated,
list of meticulously crafted signatures that allow it to surgically weed out malicious SQL queries.
Usually, such a list holds signatures to address specific attack vectors, and is regularly patched to introduce blocking rules for newly discovered vulnerabilities.

More :- https://www.incapsula.com/web-applica...


#Installation

1. Automatic Installation

wget https://raw.githubusercontent.com/bla...
python2 installer.py
Type "viSQL" to use tool.
viSQL

2. Manual Installation


git clone https://github.com/blackvkng/viSQL.git
cd viSQL
python2 -m pip install -r requirements.txt
python2 viSQL.py --help


SHARE BY GK
Computer Knowledge
