Search
START TYPING AND PRESS ENTER TO SEARCH

Blog

Don’t wait for the police: plugging holes in your website forms to avoid SQL injection

It’s been a while since the last major Florida election controversy but at long last the sunshine state has delivered. A cybersecurity researcher exposed serious vulnerabilities in the Lee County Supervisor of Elections Office website…and was promptly arrested after detailing those vulnerabilities in a YouTube video that bizarrely featured a man running for the supervisor of elections position. SQL injections are the number one threat in the OWASP top 10 and have been a favored tool of hackers for over 15 years. Tried, true, effective, and able to be automated using third party tools. What more could a hacker want? When your application is attacked using SQLi, the attacker sends malformed SQL statements using forms or even querystring values in the hopes that you don’t validate and check them before you execute them on the server. SQLi is unique from other attacks such as XSS because the statements run on the database server and not in the user’s browser. Continue reading this article on Tech Guru Daily.
Envelope
Facebook Linkedin Twitter Youtube Envelope

About the Author

Stephen Gates

Stephen Gates

Stephen Gates is an experienced writer, blogger, and published author who brings 15+ years of hands-on knowledge in information security to the Checkmarx team. Stephen is dedicated to conveying facts, figures, and information that brings awareness to the cybersecurity issues all organizations and consumers face. Aligning with Checkmarx mission of improving software security for all organizations, he is an advocate and promoter of their solutions worldwide.
See All Blogs >
Stephen Gates

Stephen Gates

Stephen Gates is an experienced writer, blogger, and published author who brings 15+ years of hands-on knowledge in information security to the Checkmarx team. Stephen is dedicated to conveying facts, figures, and information that brings awareness to the cybersecurity issues all organizations and consumers face. Aligning with Checkmarx mission of improving software security for all organizations, he is an advocate and promoter of their solutions worldwide.
See All Blogs >

About the Author

Never miss an update. Subscribe today!

By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx Privacy Policy and to
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.

More Resources to Consider

Building #DevSecTrust with JetBrains and Checkmarx
April 22, 2024
The Global Codebashing AppSec Training Initiative by Checkmarx and OWASP
April 18, 2024
What you should know: HTTP/2 CONTINUATION Flood Vulnerability 
April 10, 2024
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
April 10, 2024

Contact Us

Interested in learning more about our unified platform and services?
Get in touch with a member of our team.
Request a Demo
Learn More
Solutions
Industry
Solutions For
Services
Partners
COMPARE
Company
Resources
Community
Linkedin Twitter Youtube Facebook

Terms of Use | Checkmarx Privacy Policy | Checkmarx.com Cookie Policy

©2024 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified

Skip to content