I am creating a "vulnerable web application".
Is there a way to create an SQL injection vulnerability that is easy to spot in manual testing, but very difficult (or impossible) when a normal SQL scanner such as SQL Map or Burp Active Scan is detected?
This is important to me because I want to find out which testers can detect the scanner without the scanner.
One possibility that immediately came to my mind would be if the user had only one way to submit the form, but that would be too impractical.
I could use one-time tokens (csrf), but it's relatively easy to tell a scanner to get a new one before each request.