ECCouncil Exam Questions

What can a pen tester do to detect input sanitization issues?

Black-box testing is a method of software testing that examines the functionality of an
application (i.e., what the software does) without peering into its internal structures or
workings. Black-box testing is used to detect issues in SQL statements and to detect SQL
injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are the result of coding errors made during the
implementation/development phase and will likely require code changes.
Pen testers need to perform this testing during the development phase so that the
SQL injection vulnerability can be found and fixed before release.

A.
Send single quotes as the input data to catch instances where the user input is not
sanitized

B.
Send double quotes as the input data to catch instances where the user input is not
sanitized

C.
Send long strings of junk data, just as you would send strings to detect buffer overruns

D.
Use a right square bracket (the “]” character) as the input data to catch instances where
the user input is used as part of a SQL identifier without any input sanitization
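The mechanism behind probing with quote characters, shown as an added example (not part of the exam material): a query built by string concatenation turns a quote in the input into SQL syntax and fails, while the same value bound as a parameter is handled correctly. The table, the `users` rows and the `probe` helper are constructed for this illustration.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("O'Brien",)])
    conn.commit()
    return conn


def lookup_unsanitized(conn: sqlite3.Connection, name: str) -> list:
    """Unsafe pattern: the input is spliced into the statement text, so a quote
    in the input terminates the literal and the remainder is parsed as SQL."""
    query = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: the value is bound as a parameter and is never parsed
    as SQL, so quotes in it are just data."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def probe(lookup, conn: sqlite3.Connection, value: str) -> str:
    """Model the black-box observable: does the application error out on a
    value containing a quote? 'syntax_error' is the signal that input reaches
    the SQL parser unsanitized; 'ok' means the value was handled as data."""
    try:
        lookup(conn, value)
        return "ok"
    except sqlite3.OperationalError:
        return "syntax_error"


if __name__ == "__main__":
    db = setup_db()
    for value in ("alice", "'", "O'Brien"):
        print(repr(value),
              "concatenated:", probe(lookup_unsanitized, db, value),
              "parameterized:", probe(lookup_parameterized, db, value))
```

A legitimate name such as O'Brien triggers the same failure as a bare quote, which is why the error itself, not just the probe string, is the finding to report.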