How can I determine if my system has effective protection against injection attacks or if the issue lies with my testing approach when I receive results such as 'params not injectable' or '403 forbidden'? I used the following command for testing: 'sqlmap -u https://url/public/api/auth/signin/ --data="username=test&password=test" --tamper=space2comment --random-agent'. Is there a way to ensure the correctness of my testing and my system's security?
I want to conduct a penetration test to determine the security status of our office system - to check if it's strong or if there are any vulnerabilities.