SQL injection definition

Structured Query Language (SQL) injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL into a database query.

Immortalized by "Little Bobby Drop Tables" in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Tenlists injection as the number one threat to web application security.

[ Learn why you need an API security program, not a piecemeal approach. | Get the latest from CSO by signing up for our newsletters. ]

The good news? SQL injection is the lowest of the low-hanging fruit for both attackers and defenders. SQLi isn't some cutting edge NSA Shadow Brokers kit, it's so simple a three-year old can do it. This is script kiddie stuff—and fixing your web application to mitigate the risk of SQLi is so easy that failure to do so looks more and more like gross negligence.

To read this article in full, please click here