SQL injection: The bug that seemingly can’t be squashed
2021-01-11 05:30

If you're in a hands-on cybersecurity role that requires some familiarity with code, chances are good that you've had to think about SQL injection over and over again.

SQL injection is still being leveraged by script kiddies looking to make a quick buck on the dark web.

As an industry, we are improving all the time, but SQL injection is still a significant threat and affects far more than just legacy or unpatched systems.

We keep saying that SQL injection is simple to fix and that code should be written so as to not introduce it at all.

Developers are making the same mistakes, leading to recurring vulnerabilities like SQL injection infiltrating a codebase.

Poor coding patterns are keeping bugs like SQL injection alive, and we need to place more emphasis on developer security awareness as well as give them the time to write a higher standard of secure, quality code.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/vT8ivlZSxOo/