Glossary

SQL Injection, defined.

An attack where untrusted input is interpreted as SQL by the database, letting an attacker read, modify, or destroy data, or in some cases execute system commands.


What is SQL Injection?

The grandfather of injection bugs. Modern frameworks make it harder — ORMs use parameterized queries by default — but it lives forever in legacy admin tooling, reporting modules, and dynamic search filters. Blind and time-based variants don’t return query results directly, but an attacker can still infer data one character at a time from differences in the application’s responses or in how long they take.

Defence: parameterized queries everywhere, principle of least privilege on DB accounts, and WAF rules as a secondary layer.
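As an added illustration (not code from the original glossary entry), the vulnerable string-splicing pattern beside the parameterized fix, run against a constructed in-memory SQLite table standing in for a legacy reporting module’s user lookup; the function and sample names are assumptions:

```python
import sqlite3


def build_db():
    # Constructed sample data: three users in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "analyst"), ("carol", "analyst")],
    )
    return conn


def search_users_vulnerable(conn, name):
    # Untrusted input is spliced into the SQL text, so the database parses
    # whatever the caller typed as part of the query itself.
    sql = "SELECT username FROM users WHERE username = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def search_users_safe(conn, name):
    # The query text is fixed; the input travels as a bound parameter and is
    # only ever compared as a string value, never interpreted as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


# Constructed test input: a tautology that is valid SQL once spliced into the
# vulnerable query, but just an odd-looking (non-matching) username otherwise.
TAUTOLOGY = "' OR '1'='1"


if __name__ == "__main__":
    conn = build_db()
    print(search_users_vulnerable(conn, "alice"))    # ['alice']
    print(search_users_vulnerable(conn, TAUTOLOGY))  # every row leaks
    print(search_users_safe(conn, TAUTOLOGY))        # []
```

The same input that dumps the whole table through the spliced query matches nothing once it is bound as a parameter, which is the behaviour a regression test for this fix should assert.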

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

Book a free scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.