Cyber Education Startup

In this interactive tutorial you will understand how SQL injection attacks are used to compromise the security of a web application, and how to write code more securely to protect against this type of attack.

1. Exercise Background

The vulnerable application pane loads the TradePORTAL application, an online trading platform. Registered users of the system can log in to buy and sell stocks, bonds and currencies. Alice is a trader and a registered (legitimate) user of the application.

Action: Click “Next” to continue.


2. SQL Query Logs

The live log pane displays real-time SQL database queries that are generated and logged by the TradePORTAL application.
Action: Click “Next” to continue.


3. Logging In

Alice tries to log in to the application with the following credentials:
Username: alice@bank.com
Password: alice123
Note: Keep an eye on the live log pane when attempting to log in.
Action: Use Alice’s credentials to log in.

4. Bad Input

So the password alice123 doesn’t seem to work for Alice’s account. Before contacting the administrator to reset her password, Alice tries


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/QO_vpD8IyCo/
