Thursday, December 31, 2009

SQL Injection Resources

(from Robert Portvliet)

Here's a list of some (SQL Injection) resources I had put together; a good portion of it is probably covered in the Phoenix OWASP list, but here it is anyway:

Vulnerable WebApps:



Damn Vulnerable Web App -

Mutillidae -

Hackme Bank -

Hackme Travel -

Hackme Shipping -

Hackme Casino -

Videos & webcasts:

OWASP Appsec NYC 2008 -

Caught in the web series -

Invasion of the browser snatchers series -

Advanced SQL injection -

Websec 101 -

Hackme Bank & Hackme Travel videos -


Samurai Web Testing Framework (Live CD which contains most tools needed to perform web assessment) -


OWASP Testing Guide -

Cheat Sheets

SQL Injection Cheat Sheet -

SQL Injection Cheat Sheet -

SQL Injection Cheat Sheet w/ filter evasion -

SQL Injection Cheat Sheets sorted by DB -

XSS Cheat Sheet w/ filter evasion -

Web App Assessment Cheat Sheet -


Web Application Hacker's Handbook -

Whitepapers & slides:

OWASP article on Web application penetration testing -

Advanced SQL injection -

Best of web application penetration testing tools -

(The next two papers are a little old, but still quite useful)

Advanced SQL Injection in SQL Server -

(More) Advanced SQL Injection in SQL Server -

1 comment:

Jim Manico said...

An even more detailed version of this list can be found at