Injection Flaws
Lesson
In WebGoat read the lessons under “Injection Flaws." (Command Injection, Numeric SQL Injection, Log Spoofing, XPATH Injection, LAB: SQL Injection, Stage 1: String SQL Injection, Stage 2: Parameterized Query #1, Stage 3: Numeric SQL Injection, Stage 4: Parameterized Query #2, String SQL Injection, Modify Data with SQL Injection, Add Data with SQL Injection, Database Backdoors, Blind Numeric SQL Injection, Blind String SQL Injection)
Lab
Work the exercises of "Injection Flaws.”
The exercises to improve WebGoat are not mandatory (try them if you have experience with Java).
In order to prevent SQL injections in PHP read http://dhobsd.pasosdejesus.org/Web_application_security_in_PHP.html:
Discuss
Briefly discuss your experience this week. Some ideas follow but you don’t have to answer all the questions. Did you learn something interesting? Was there something confusing in the lesson that you had to look up? If so, what was it? Was it too much or too little work? Anything to add to it to make it better for the next round of students? Anything else you’d like to discuss about this week’s lesson?
A discussion works best when there are at least two people involved so I encourage you to comment on other people’s posts!