I am a proponent of learning as much as possible about something that interests me. I am a student in the CIS program at a university in Florida, specializing in Penetration Testing and Network Security. I have been reading books over and over, like Steal This Computer Book 4.0, the TCP/IP Guide, and SQL Injection Attacks and Defense, along with some others, along with my classroom books. To graduate we have to penetrate a network in a controlled environment, along with setting up a network using Boson Software.

I have a friend at the Beach, who is in charge of the IT department at one of the largest banks in the world. He is telling me not to waste my time on SQL injections or learning the language, that you only use a small percentage of the language. My professor is a DOD penetration tester, and he is telling me SQL is still a good language to learn for penetration testing. Who is right?

We had a debate in the classroom on what companies and their websites are most vulnerable to when it comes to penetration testing. There were so many different answers to that question. I know there isn't a right answer to this subject, but I would really like to know what you all think about this matter.

My second question is: what do you think companies and their websites are most vulnerable to being attacked with? I understand that 99 percent of all hacking is internal; I am wondering about the external part. I got two different answers from my professor and my friend that works for the bank.