Practical SQL Injection Testing using Burp Suite Labs

In this project, I completed a series of hands-on labs focused on SQL Injection vulnerabilities using the PortSwigger Web Security Academy platform.

The labs covered a variety of real-world scenarios, including:

SQL Injection via UNION to determine column count and extract data

Identifying text-based columns for exploitation

Extracting data from other tables

Querying database types and versions (Oracle, MySQL, etc.)

Blind SQL Injection using conditional errors, responses, and time delays

Each lab was solved manually using Burp Suite and included request manipulation, payload crafting, and response analysis.

This experience improved my skills in identifying and exploiting SQL injection flaws, and deepened my understanding of backend database behaviors in insecure applications.