SQL injection is one of the most common web application vulnerabilities. It involves inserting or injecting SQL code into user-input variables (commonly via the URL or web forms) so that it is executed against your database, with the intent of retrieving sensitive information or compromising your web server. The easiest way to prevent SQL injection is to validate all user input and escape any unrequired queries or parameters.
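The prevention advice above, as an added example that is not from the original article or from SQLFury: a lookup that concatenates request input into the SQL text, beside a version that validates the input and then passes it as a bound parameter. It goes one step beyond the article by using bound parameters in place of manual escaping; the `users` table, the function names and the sample inputs are assumptions constructed for the illustration, and SQLite stands in for whichever database you run.

```python
import sqlite3

def make_db():
    # Constructed sample data, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.test"),
        (2, "bob", "bob@example.test"),
        (3, "carol", "carol@example.test"),
    ])
    return db

def lookup_vulnerable(db, user_id):
    # Weak: the request value becomes part of the SQL text, so the
    # database parses whatever the client sent as SQL.
    sql = "SELECT name, email FROM users WHERE id = " + user_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, user_id):
    # 1) Validate: an id is 1-9 ASCII digits and nothing else.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        raise ValueError("id must be a short decimal number")
    # 2) Bind: the value is sent separately from the SQL text.
    sql = "SELECT name, email FROM users WHERE id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()

def lookup_by_name(db, name):
    # Free text cannot be allow-listed as tightly as an id; binding
    # still keeps quotes and keywords in it as plain data.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input for the demonstration
    print("vulnerable:", lookup_vulnerable(db, crafted))
    try:
        lookup_hardened(db, crafted)
    except ValueError as exc:
        print("hardened rejected input:", exc)
    print("hardened, valid id:", lookup_hardened(db, "2"))
    print("bound free text:", lookup_by_name(db, "alice' OR '1'='1"))
```

The rejected-input branch is also a useful place to log, since a non-numeric value in an id field is worth seeing in your application logs.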

But let’s face it: an application with zero vulnerabilities does not exist. Some vulnerabilities can still remain in your application after thorough testing. There are a lot of tools available to test for SQL injection vulnerabilities, but SQLFury is one of the first free tools available.

Based on the Adobe AIR platform, this cross-platform tool can be downloaded and will scan your application using blind SQL injection techniques to extract information from your target database. It supports most popular database systems, such as MySQL, PostgreSQL, Oracle and Microsoft’s SQL Server. All you need to supply is the URL of your site and the testing parameters, and it will return a report with any vulnerabilities detected.