SQL injection: The bug that seemingly can’t be squashed

From helpnetsecurity.com

If you’re in a hands-on cybersecurity role that requires some familiarity with code, chances are good that you’ve had to think about SQL injection over and over (and over) again.

It’s a common vulnerability that – despite being easily remedied – continues to plague our software and, if left undetected before deployment, provides a small window of opportunity to would-be attackers.

December 2020 marked SQL injection’s 22nd birthday (of sorts). Despite this vulnerability being old enough to drink, we’re still letting it get the better of us instead of squashing it for good. In August this year, Freepik Company disclosed that they had fallen victim to an SQL injection blunder that compromised the accounts of 8.3 million users.

Read more…