SQL injection is a vulnerability generated by weak input validation controls in an application. It allows a malicious user to execute arbitrary SQL code, which exposes the information stored, and, in some critical cases, allows complete control of the server where the application is residing.
There are three main ways to detect SQL injections using Burp Suite: first, by manually inserting testing strings; second, by using the scanner; and third, by using an extension called CO2, which uses sqlmap in the background, a tool for exploiting and detecting SQL injections. Let's take a look at these three methods.