SQL Injection

Overview

A hands-on security lab exploring SQL injection—one of the OWASP Top 10 web vulnerabilities. Demonstrates multiple attack vectors including authentication bypass, data manipulation, and unauthorized access through improper input sanitization.

Key Concepts

  • Set up a Docker-based vulnerable web application for safe testing
  • Exploited authentication bypass using comment injection (';--)
  • Demonstrated injection from the command line via curl URL parameters
  • Performed data manipulation attacks modifying salaries and passwords
  • Analyzed defense mechanisms (prepared statements, PHP query limitations)
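
The comment-injection bypass and the prepared-statement defense from the list above, side by side. This is an added example, not code from the lab: the table, the function names and the sample rows are constructed, and Python's sqlite3 stands in for the lab's PHP and database stack.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the lab's user table; names and values are made up.
    # Passwords are plaintext only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, salary INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "admin-pw", 90000), ("alice", "alice-pw", 50000)],
    )
    return db

def login_concat(db, name, password):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in
    # `name` closes the string literal and the rest is parsed as SQL.
    # With name = "admin';--" the password test ends up inside a comment.
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_prepared(db, name, password):
    # Prepared statement: the SQL text is fixed and the values are bound
    # separately, so quotes and comment markers stay ordinary characters.
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?", (name, password)
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    crafted = "admin';--"  # the comment-injection input named in the list above
    for fn in (login_concat, login_prepared):
        print(fn.__name__,
              "| crafted input:", fn(db, crafted, "wrong"),
              "| valid login:", fn(db, "alice", "alice-pw"))
```

The concatenated query returns the admin row without the password, while the prepared version looks for a user literally named `admin';--` and finds none.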

Technologies

SQL, PHP, Docker, curl, OWASP