I’m a beginner on course to be an expert (hopefully) and I’ve been set assignments to test security systems on the web. The whole assignment is to prepare, test and document the results to correlate with real-life professional work. Coming from a software development background, I am logically solid on information security systems and how they work but I struggle with the practical side.
The assignment is to prepare and to pentest a log in form by SQL injection. I also have a background in website development but never understood the backend of things. What would be the best way to develop a login form with a backend database that’s susceptible to a sql injection (I’m a rookie so the easiest and most vulnerable login form would do)?.
Would I need a CMS? (This would all be in a sandbox environment)
Would I need a server for SQL?
I apologise heavily if this is very plain and makes you cringe.. but help would be great!