Exploiting and Exfiltrating Data from a Large Shipping Corporation

All companies, businesses, and industries use technology, but each uses it differently. A retailer's web application, where the priorities are continuous service and high performance, is not the same as an online banking application, which needs to be highly secure. Of course, all of these applications have points in common, but since it is impossible to apply every control, the most important thing is to prioritize the real requirements.

In this chapter, we will discuss another scenario: a shipping company. We will perform the same activities as in the previous example, but this time using one of the most popular shipping companies: DHL.

We will be covering the following topics in this chapter:

  • Discovering Blind SQL injection
  • Exfiltrating data using Burp Suite

It is important to remember that in this and the previous chapter, we are not executing any malicious action against these sites. We are just continuing to analyze the public information and using our knowledge to determine some results. I recommend that you do not perform any illegal activities on a company website with which you have not signed a contract. If you want to test these methodologies, you can use public capture-the-flag events or enroll in a bug bounty program.
