Introduction

In recent years, media coverage of major corporate and government data breaches has increased, and as general awareness of security has grown, it has become more and more difficult to infiltrate an organization's networks by exploiting standard perimeter services. Publicly known vulnerabilities associated with these services are often quickly patched, leaving little available attack surface. Web applications, by contrast, often contain custom code that usually does not undergo the same amount of public scrutiny as a network service from an independent vendor. Web applications are often the weakest point on an organization's perimeter, and as such, appropriate scanning and evaluation of these services is critical.

Before addressing each of the listed recipes specifically, we will discuss some general information regarding sqlmap. Integrated into Kali Linux, sqlmap is a command-line tool that drastically reduces the amount of effort required to exploit SQL injection vulnerabilities by automating the entire process. It works by submitting requests drawn from a large list of known SQL injection queries, and it has been highly optimized over the years to intelligently modify injection attempts based on the responses to previous queries.
