DEV Community


Discussion on: SQL injection for developers

blog profile image
Larson Reever

Because so many modern applications are data-driven and accessible via the web which includes popular cms like wordpress which is most susceptible these days, which has made Wordpress SQL Injection one of the most widespread exploits in 2020. Reason why i am talking about this is as i am a wp sec expert and a member of world sec consotorium. Additionally, because of the prevalence of shared database infrastructure, a SQL Injection flaw in one application can lead to the compromise of other applications sharing the same database instance. Developers can prevent SQL Injection vulnerabilities in web applications by utilizing parameterized database queries with bound, typed parameters and careful use of parameterized stored procedures in the database.

A common misconception is that input filtering and escaping can prevent SQL Injection. While input filtering can help stop the most trivial of attacks, it does not fix the underlying vulnerability.

In many cases, input filtering can be evaded by attackers leaving your web application vulnerable despite attempts to, for example, blacklist certain characters on a web form.

omerxx profile image
Omer Hamerman Author

Thank you Larson!
It's an honor.
I agree with everything you said. WP in that sense comes in as one of the layers developers often trust and kind of delegate responsibility to.

I did get a few comments about incorporating some examples and one line "how-to" so maybe this is an idea for another post.

Again - thanks for reading and taking the time to share some expert insights

Forem Open with the Forem app