A Review of Penetration Testing Process For Sql Injection Attack

Abstract

In this rapidly developing information technology age, the Internet has emerged as a critical component of modern life. The usage of the web server has become crucial in providing services to users for various transactions like online banking, online purchasing, and web-based email. Due to this atmosphere, protecting a web server from cyber-attacks became essential to prevent data breaches. Secured coding implementation in developing online systems is crucial, as failure to do so will result in an SQL injection attack. Another problem concerning this problem is configuration against security devices, which makes the attack possible to be executed. Furthermore, owing to the emergence of technology, cyber intruders can utilize various techniques and sophisticated tools to steal information easily. Penetration testing is the approach that can be taken to measure a web server's security level and prevent an attack. This study aims to review SQL injection attacks and describe the required steps to execute penetration testing successfully. Next, the practical SQL injection attack was executed according to the penetration methodology. The outcome indicates that cyber intruders can log in as regular users and steal sensitive information if the web server is vulnerable to attack.