SQL Injection

SQL Injection, also commony referred to as “SQLi” in a recent report was referenced as the root cause in 80% of all retail breaches (reference pending).

There are two fantastic resources for understanding SQL Injection- one is from Randall Munroe’s XKCD comic and the other is a YouTube video from Javvad Malik.

In the XKCD coming titled “Exploits of a Mother” a mother famously names her child “Robert ‘); DROP TABLE Students;–“ then has to explain to the school why the data is missing from their database.

 

In the YouTube video Javvad explains SQL Injection in plain English in a way only he can using a clever mash-up of neuro-linguistics and hilarious vignettes. It’s definitely worth the watch.

For those who prefer a more technical explanation, SQL injection has earned itself both a CWE from MITRE as well as a ranking on OWASP’s top ten list.

There are lots of references on the web on how to mitigate SQL Injection. If you are interested in this go straight to the OWASP SQL Injection Cheat Sheet for everything you need.