
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"


1. Visit www.isecpartners.com and request an evaluation copy of the product.
2. After installing the toolbar on Internet Explorer 6 or 7, visit the web application using IE.
3. Within the web application, visit the page you want to test. Then choose Data Validation | SQL Injection from the SecurityQA Toolbar (Figure 1-1).
4. The SecurityQA Toolbar will automatically check for SQL Injection issues on the current page. If you want to see the progress of the testing in real time, click the expand button (the last button on the right) before selecting the SQL Injection option. The expand button will show which forms are vulnerable to SQL Injection in real time.

Figure 1-1 SecurityQA Toolbar

Chapter 1: Common Injection Attacks 19

5. After the testing is completed on the current page, as noted in the progress bar in the lower left side of the browser, browse to the next page of the application (or any other page you wish to test) and repeat step 3.
6. After you have completed SQL injection testing on all desired pages of the web application, repeat steps 3 and 5 for LDAP Injection, XPATH Injection, OS Commanding, or any other injection testing under the Data Validation menu.

