Top Bug #1: Injection Attacks

Most of these exercises can be executed without ZAP, but since our goal is to learn and practice with the favorite tool in our arsenal, we will do these exercises using it.

Assuming you have ZAP already installed on your computer, open it and make sure the browser has been configured to use ZAP as a proxy.

The following movie demonstrates how the attack is done using ZAP on the Security Ninja vulnerable app, using the testing guide test cases.

[Video]

Exercise 1: SQL Injection

Watch this video about SQL injection attacks:

[Video]

Visit a vulnerable website such as http://testphp.vulnweb.com

Attempt a SQL injection using the test cases found in the testing guide:

https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)