This section explains how to test whether a website is safe from SQL injection using the sqlmap penetration-testing tool. sqlmap is an automated tool for finding and exploiting SQL injection vulnerabilities injecting values in the parameters of the queries.