
Do you believe in design under fire?

If you are into IT, you are most probably familiar with functional acceptance tests, where you test a website or application before going live. These tests let you check that the developer has abided by the specifications and respected all relevant guidelines and best practices.

When it comes to security verification, we cannot afford to wait for the next hack or the next security audit to pentest our applications and websites. This is where “design under fire” comes into play. It is a technique that lets you continually test the security of your website, architecture or application while you are still designing it, thus minimizing its vulnerabilities and increasing its chances of meeting security best practices and business needs in terms of Confidentiality, Integrity, Availability and Traceability.

I was very happy to find a recent Android mobile application by the name of DroidSQLi developed by a Lebanese security practitioner by the name of Edgard Chammas:


As its description on the Google Play store puts it, DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.

DroidSQLi supports the following injection techniques:

  • Time based injection
  • Blind injection
  • Error based injection
  • Normal injection

It automatically selects the best technique to use and employs some simple filter evasion methods.
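To make “design under fire” concrete, here is an added example (not code from the post or from DroidSQLi) of a security test that runs next to an ordinary functional acceptance test: both lookups pass the functional check, but only the parameterized one passes the injection check. It assumes sqlite3 as an offline stand-in for the MySQL back end; the idea carries over to any DB-API driver that supports bound parameters.

```python
# Added example: a functional acceptance test and a "design under fire"
# security test run side by side against two lookup implementations.
# sqlite3 stands in for MySQL here (an assumption for offline runnability).
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_concat(conn, name):
    """Vulnerable lookup: untrusted input is spliced into the SQL text."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_param(conn, name):
    """Hardened lookup: the driver sends the value separately from the SQL."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def functional_check(lookup) -> bool:
    """Classic acceptance test: a known user is found, an unknown one is not."""
    conn = make_db()
    return (lookup(conn, "bob") == [("bob", "user")]
            and lookup(conn, "carol") == [])


def security_check(lookup) -> bool:
    """Design-under-fire test: a quoted tautology must not widen the result set."""
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed probe value, not a real user name
    try:
        # Must behave like any other unknown name: zero rows, not every row.
        return lookup(conn, hostile) == []
    except sqlite3.Error:
        return False  # a syntax error on quoted input is also an injection symptom


if __name__ == "__main__":
    for fn in (find_user_concat, find_user_param):
        print(fn.__name__, "functional:", functional_check(fn),
              "security:", security_check(fn))
```

Run as part of the normal test suite, the security check fails the moment string concatenation creeps into a query, long before a pentest or a tool like DroidSQLi would find it.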

Legal notice: this application is for educational purposes ONLY. No warranties of any kind are expressed or implied.

Use at your own risk! But use it without restraints on your virtual pre-production lab.

It is a real source of pride to see Lebanese contributions in the IT and Information Security domains. Keep them coming!