[Secure Coding] 0x01 - SQL Injection

TL;DR SQL Injection (SQLi) attacks remain a significant threat even in modern web applications. They exploit vulnerabilities in how web apps interact with databases, often through improperly handled user input. While ORMs (Object Relational Mappers) reduce the risk, they don't eliminate it entirely, especially when developers bypass them for manual queries. The best protection is using prepared statements and implementing input filtering. Additionally, you should always store sensitive data, like passwords, securely, so that even a successful attack cannot read it....

September 8, 2024 · 6 min · 1224 words · Iuri Moro