A hands-on ethical hacking project exploring SQL Injection vulnerabilities and prevention techniques.
This project was part of the DevTown Bootcamp and focused on understanding, testing, and mitigating one of the most dangerous web vulnerabilities: SQL Injection (SQLi).
As a Computer Science student, I joined the bootcamp not as a cybersecurity expert, but as a developer who realized that building secure applications requires a deep understanding of the threats they face.
- What is SQL Injection and how it works
- Types of SQLi:
  - Error-based
  - Union-based
  - Boolean-based blind
  - Time-based blind
  - Out-of-Band
- Real-world case studies:
  - Pulse Secure VPN (CVE-2019-11510)
  - Drupalgeddon2 (CVE-2018-7600)
  - Microsoft CryptoAPI Spoofing (CVE-2020-0601)
- Manual testing using payloads (e.g. `' OR 1=1 --`)
- Automated exploitation with SQLMap
- Security best practices to prevent SQLi
- Vulnerable Test Website: http://testphp.vulnweb.com
- SQLMap: Automated SQLi testing tool
- MITRE ATT&CK Mapping (T1190)
- OWASP Top 10 Injection Flaws
- Use Prepared Statements (Parameterized Queries)
- Apply Input Validation and Whitelisting
- Use ORMs (like Laravel Eloquent)
- Apply Least Privilege Principle on DB accounts
- Enable Web Application Firewalls (WAF)
- Implement proper Error Handling and Logging
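The following is an added example, not part of the original project or its report, showing three of the practices above side by side on a constructed SQLite database: a login query built by string concatenation (the pattern that the `' OR 1=1 --` payload above defeats), the same query as a prepared statement with bound parameters, and an input-validation whitelist layered in front of it, with database errors logged server-side instead of being echoed to the client. The table, user rows, and the `users`/`login_*` names are assumptions made for this illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("auth")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("admin", "correct-horse")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Anti-pattern: user input is spliced into the SQL text, so quotes and
    comment markers in the input change the structure of the query."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Prepared statement: the SQL text is fixed, values travel as bound
    parameters and can never be interpreted as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Whitelist: only characters a username is allowed to contain (assumed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None


def login_defended(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Validation in front of the parameterized query: reject bad input
    outright rather than trying to sanitize it."""
    if not validate_username(username):
        return []
    return login_safe(conn, username, password)


def handle_login(conn: sqlite3.Connection, username: str, password: str) -> dict:
    """Error handling: log the database error server-side and return only a
    generic message, so no error text reaches the client."""
    try:
        return {"ok": bool(login_defended(conn, username, password)), "error": None}
    except sqlite3.Error as exc:
        log.error("database error during login for %r: %s", username, exc)
        return {"ok": False, "error": "login failed"}


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"  # the payload listed in the project's manual-testing step
    print("vulnerable:", login_vulnerable(db, payload, "x"))  # every user matches
    print("safe:      ", login_safe(db, payload, "x"))        # no match
    print("defended:  ", handle_login(db, payload, "x"))      # rejected by whitelist
    print("legit:     ", handle_login(db, "alice", "s3cret"))
```

Running the file shows the vulnerable function returning all three usernames for the payload, while the parameterized version returns nothing because the payload is compared literally against the `username` column. Least privilege for the database account and a WAF are deployment controls that sit outside this code: the account the application connects with should have only the `SELECT`/`INSERT` rights the queries need.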
- Devtown project_compressed.pdf: Full project report
- README.md: This file

"Cybersecurity isn't just for ethical hackers. Every developer should know how to break things, so they can build them better."
This project was completed under the guidance of the DevTown Bootcamp instructors and is meant for ethical learning purposes only.
