Top Bug #1: Injection Attacks
Most of these exercises can be done without ZAP, but since our goal is to learn, uncover and practice with the favorite tool in our arsenal, we will do these exercises using it.
Assuming you already have ZAP installed on your computer, open it and make sure the browser has been configured to use ZAP as a proxy.
The following movie demonstrates how the attack is done using ZAP on the Security Ninja vulnerable app, using the test cases from the testing guide.
Exercise 1: SQL Injection
Watch this video about SQL Injection attacks.
Visit a vulnerable website such as http://testphp.vulnweb.com
Attempt a SQL injection using the test cases found in the testing guide:
https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)
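What the quote-based test cases in the testing guide are probing for, shown as an added local example that is not part of the original exercise: a constructed in-memory SQLite table queried once by string concatenation and once with a bound parameter. The table, function names and sample inputs are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table standing in for an app's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_vulnerable(db, name):
    # Vulnerable: input is concatenated into the SQL text, so a quote in
    # `name` changes the structure of the statement.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, name):
    # Hardened: the driver binds `name` as data; it never becomes SQL syntax.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

def probe(lookup, db, value):
    """Return the rows, or the database error text that a stray quote provokes."""
    try:
        return lookup(db, value)
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    # Constructed test inputs: a normal value, a lone quote, a tautology.
    for value in ["alice", "'", "x' OR '1'='1"]:
        print(repr(value))
        print("  concatenated :", probe(lookup_vulnerable, db, value))
        print("  parameterized:", probe(lookup_parameterized, db, value))
```

A database error on a lone quote, or extra rows on the tautology, is the behavior to look for in the responses ZAP records; the parameterized version returns an empty result for both.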