Security Testing - ZAP Tool - SQL Injection and Parameters Issue.
I am new to security testing. I am using the ZAP (Zed Attack Proxy) open source security testing tool.
Initially I did the following ...
1. Proxy settings for Firefox.
2. Installed all addons.
3. Application settings under Options.
4. Fuzzer settings
After that I gave the application URL in the Quick Start tab and did the attack. It has given the Active scan details, Parameters,
Issue: For the Login screen it is showing the parameters, but it is not giving any parameters for other screens, and some parameters it is showing as d, r, t.
1. What is d, r, t? Where can we find information about these parameters?
2. For a few URLs (which are in the Active scan) it is giving a huge response. From that response I have selected one string (example: Username) and did the FUZZ for SQL injection. Is it the correct way to do the SQL injection?
Kindly provide your ideas, and if anything is wrong pls post the reply in detail. Expecting your best support.
Thanks in Advance.