I have a web application where I have to check for SQL injection attacks and XSS attacks. Most of the forms are login protected. When a user logs in, he is able to see those forms, like:
- Create Class
- Update Class
- Create Lesson
- Update Lesson
- Post Question
- Answer Question
If a non-logged-in user hits these URLs, it sends him to the login page.
How can I test these pages for SQL injection and XSS?
Please help.
Regards
SAM