Discover SQL Injection vulnerabilities in web applications using OWASP ZAP
Here is a SQL Injection Scanner sample report:
Find SQL Injection flaws in web applications by crawling and deep inspection of web pages and parameters. Powered by OWASP ZAP.
Speed up your penetration test with this online scanner. It is already set up and configured with the optimal settings for best results and performance. Just start the scan and come back later for results.
You can perform a self-security assessment in order to detect weaknesses in your own application. This will allow you to fix the vulnerabilities before being hit by real attackers.
If you are a web development company, you can also show this report to your clients and prove that you have implemented the proper security measures in the application.
http://vulnapp.example.com/travel.jsp?id=x' UNION SELECT NULL, NULL, @@version -- '
Scanner capabilities | Light scan | Full scan |
---|---|---|
Spider max URLs | 20 | 500 |
Spider max duration | 1 minute | 15 minutes |
Active scan max duration | 2 minutes | 30 minutes |

Parameter | Description |
---|---|
Target URL | This is the URL of the website that will be scanned. All URLs must start with http or https. |
Light Scan | This scan is faster but less comprehensive than the full scan. |
Full Scan | This is a complete SQL Injection assessment of the target web application. |
http://vulnapp.example.com/bookings.php?cat=4 AND 1=1 --