The idea is to demonstrate sql injection and how to protect your site form them:
First you have 2 pages site home page with log in and welcome page after your log in with your info ( very simple page you can use any template/designs you have done before with changing the content )
The database will have these info:
1) Username
2) Password
3) Email
4) First name
5) Last Name
6) Job
7) Favorite hobby
9) Favorite car
10) Income
The same 2 pages site will have many versions with deiffirent security levels and this is where your sql injection experience needed:
version 1: No security and it will injected easily with } or '-- to fetch info and/or change them
Then you patch that with version 2 (by stripping slashes or whatever ) and also inject it then you go on next version until it is secured from sql injection
this way we explained the attack to audience and taught them how to patch them until it becomes secured form sql injection ( you can also show open source program/bots that automatically check sql injection vulnerability or does automatic inject )
Very simple project if you know what your doing
Hello sir,
I am a web application penetration tester with 4 years of experience in information security and i know sql injection and also other web vulnerabilities.
I can demonstrate sql injection.
From basic to advance and also tell you how to patch sql injection.