0

Are there any way to test the sql injection on my website ? I'm using SPA - Blazor technology with identity for login purposes and I'd like to check any security risks in my localhost. most of the solutions were provided to check the url online while I don't want to publish the website before deter the sql injection risks

any idea ?

Fadi Akkad
  • 296
  • 9
  • Does this answer your question? [Testing if a site is vulnerable to Sql Injection](https://stackoverflow.com/questions/10281349/testing-if-a-site-is-vulnerable-to-sql-injection) – Igor Mar 15 '22 at 12:59
  • no not really. cause i'm using Blazor technology which has different process. – Fadi Akkad Mar 15 '22 at 13:03
  • 1
    Sql Injection is done externally so the attacker is unaware if the site is using blazor or not. The only thing the attacker really wants to know is what RDBMS is being used so they can attempt to at least use the correct sql syntax when passing in values. – Igor Mar 15 '22 at 13:29
  • Avoid passing concatenated SQL queries from client to server which usually devs use to facilitate search conditions on databases. Use non admin logins for website users for database operations, you can also validate queries not to have multiple statements like DDL and check for some prohibited keyword like DROP, GRANT etc – Surinder Singh Mar 15 '22 at 15:29

0 Answers0