This exercise aims to teach students how to identify and report an SQL injection vulnerability using the Damn Vulnerable Web Application (DVWA). The report should be made according to ISO 27001 standards for information security incident management.
A new repository will be created in your account.
```bash
cd DVWA/config
sudo cp config.inc.php.dist config.inc.php
```
```bash
sudo nano config.inc.php
```
💡 IMPORTANT: Ensure the following lines have the correct credentials:
```bash
sudo mysql -u root -p
CREATE DATABASE dvwa;
EXIT;
```
```bash
sudo chown -R www-data:www-data /var/www/html/DVWA/
sudo chmod -R 755 /var/www/html/DVWA/
```
* Username: admin
* Password: password
```
1' OR '1'='1
```
Click "Submit" and observe how DVWA processes the injection and displays the database results.
💡 NOTE: You should see a list of all users extracted from the database, indicating a successful SQL injection.
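Why that input returns every row, and how a parameterized query prevents it, shown as an added example (not DVWA's code and not part of the original exercise). The `users` table, its columns, the sample rows and the function names are assumptions constructed for illustration, and Python's built-in `sqlite3` stands in for DVWA's PHP/MySQL stack.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions for this example.
SAMPLE_USERS = [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Pablo", "Picasso")]

def make_db():
    """Build an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn

def lookup_vulnerable(conn, user_id):
    # The input is pasted into the SQL text, so a quote in it changes the query structure.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return sql, conn.execute(sql).fetchall()

def lookup_parameterized(conn, user_id):
    # The placeholder binds the input as one value; it is never parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return sql, conn.execute(sql, (user_id,)).fetchall()

def lookup_validated(conn, user_id):
    # Defence in depth: accept only a plain numeric ID before querying at all.
    if not user_id.isdigit():
        raise ValueError("user_id must be numeric")
    return lookup_parameterized(conn, int(user_id))

if __name__ == "__main__":
    conn = make_db()
    for value in ("1", "1' OR '1'='1"):
        sql, rows = lookup_vulnerable(conn, value)
        print("vulnerable   ", repr(value), "->", len(rows), "row(s) |", sql)
        sql, rows = lookup_parameterized(conn, value)
        print("parameterized", repr(value), "->", len(rows), "row(s)")
```

The printed SQL for the vulnerable lookup is useful evidence for the incident report: it shows the `OR '1'='1'` condition becoming part of the `WHERE` clause, while the parameterized lookup treats the same input as a non-matching ID.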
💡 NOTE: Incident reports according to ISO 27001 standards do not specifically require images unless they are necessary to illustrate critical points or specific technical details of the incident. In most cases, reports include screenshots, charts, or diagrams only if they are relevant to support the explanation of the incident or to demonstrate how the vulnerability exploitation was carried out.
Download an example of an incident report
.pdf format with the name incident-report.pdf