A SQL injection scanner is an automated tool used to check whether websites and web applications are vulnerable to SQL injection attacks. In a SQL injection attack, the attacker attempts to illegally retrieve information stored in the database, such as usernames and passwords. SQL injection scanners test websites and web apps to determine whether they are prone to such attacks.


SQL injection is probably the most prevalent web app hacking technique. It works by passing SQL commands through a web application's input so that the database executes them, causing undesired results. Automated web vulnerability scanners are considered the ideal choice for checking SQL injection vulnerabilities in websites and web apps, because they let the web admin find and fix the affected code promptly and so protect the site from potential SQL injection attacks. The simple, automated methods of SQL injection scanners save time and effort.
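The following is an added example, not code from the original page: it shows the kind of flaw a scanner reports (a query built by string concatenation) next to the fix a web admin would apply (a parameterized query), using a constructed in-memory SQLite table. A crafted username that changes the query's logic returns every row from the vulnerable lookup but nothing from the parameterized one, because the bound value is never interpreted as SQL.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration (not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable form: the input is spliced into the SQL text, so quote
    # characters in it become part of the query's syntax.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn, username):
    # Hardened form: the driver binds the value to the placeholder, so the
    # input is always compared as data and can never alter the query.
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


def check_lookup(lookup):
    """Compare a benign lookup with a crafted one, as a scanner would.

    A correctly written lookup returns no rows for the crafted string, since
    no account has that name; returning extra rows indicates the input was
    interpreted as SQL.
    """
    conn = make_db()
    benign = lookup(conn, "alice")
    crafted = lookup(conn, "' OR '1'='1")
    return {
        "benign": benign,
        "crafted": crafted,
        "injectable": len(crafted) > len(benign),
    }


if __name__ == "__main__":
    print("concatenated query:", check_lookup(lookup_vulnerable))
    print("parameterized query:", check_lookup(lookup_parameterized))
```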

SQL injection attacks include visible and blind attacks. Many scanners on the market check for both potential visible and blind injection attacks; IBM's AppScan, Cenzic's Hailstorm and HP's WebInspect are some examples.

The following are some open-source SQL injection scanners, amongst many others:

  • SQLIer
  • SQL Injection Brute-forcer
  • BobCat
  • SQLMap
  • Absinthe
  • SQL Power Injector
  • SQL Injection Pen-testing Tool
  • Blind SQL Injection Perl Tool
  • SQLNinja

