SQL Injection Scanner

What Does SQL Injection Scanner Mean?

A SQL injection scanner is an automated tool that tests websites and web apps for SQL injection vulnerabilities. In a SQL injection attack, the hacker attempts to illegally retrieve information stored in the database, such as usernames and passwords. SQL injection scanners check whether websites and web apps are prone to such attacks.


Techopedia Explains SQL Injection Scanner

SQL injection is probably the most prevalent web app hacking technique. It attempts to pass SQL commands through a web application to cause undesired results. Automated web vulnerability scanners are considered the ideal choice for checking websites and web apps for SQL injection vulnerabilities. Their results help the web admin fix the code right away to protect the websites or web apps from potential SQL injection attacks. The simple, automated methods of SQL injection scanners save time and effort.

SQL injection attacks include visible and blind attacks. Many scanners on the market check for both visible and blind injection. IBM’s AppScan, Cenzic’s Hailstorm and HP’s WebInspect are some examples.
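The difference between a visible and a blind finding can be shown as a self-check that a developer runs against their own data-access functions. This is an added example, not code from Techopedia or from any scanner named on this page; the table, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def lookup_concat(db, name):
    # Vulnerable: user input is pasted into the SQL text.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_quiet(db, name):
    # Still vulnerable, but database errors are hidden from the caller.
    try:
        return lookup_concat(db, name)
    except sqlite3.Error:
        return []

def lookup_param(db, name):
    # Hardened: input is bound as a parameter and never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def scan(lookup, db, known="alice"):
    """Return the kinds of injection evidence observed for one lookup function."""
    findings = []
    baseline = lookup(db, known)
    try:
        lookup(db, known + "'")            # unbalanced quote
    except sqlite3.Error:
        findings.append("visible")         # database error reaches the caller
    try:
        when_true = lookup(db, known + "' AND '1'='1")
        when_false = lookup(db, known + "' AND '1'='2")
    except sqlite3.Error:
        return findings
    # Input treated as data gives the same (empty) result for both probes.
    if when_true == baseline and when_false != baseline:
        findings.append("blind")
    return findings

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_quiet, lookup_param):
        print(fn.__name__, scan(fn, db))
```

Hiding database errors removes only the visible signal; the parameterized query is the one that produces no finding at all.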

The following are some open-source SQL injection scanners, amongst many others:

  • SQLIer
  • SQL Injection Brute-forcer
  • BobCat
  • SQLMap
  • Absinthe
  • SQL Power Injector
  • SQL Injection Pen-testing Tool
  • Blind SQL Injection Perl Tool
  • SQLNinja

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…