SQL Injection

Persistent Threats (yes, I dropped the advanced) get a lot of airtime, but if there ever was a case for a persistent vulnerability (PV), you’d have to imagine SQL injection (SQLi) being the grandmother of them all.

For as long as applications have passed user input to SQL databases, input fields have been vulnerable to SQLi. If you were to humanise these components, an SQL database would most likely resemble a big lump of a man who doesn’t get out much. Morbidly obese and probably suffers from back acne. Like that late-night security guard working at the reception desk in your building who always seems to be either munching on a slice of pizza or sleeping with his feet up on the table and his mouth wide open, snoring loudly.

Lady SQLi is the young, irresistibly attractive lady who walks into that reception room, bats her eyelashes and asks if she could be let into a meeting room, or use the phone, the restroom or any other facility within the building. Despite having no ID or anyone to verify her identity, the big old database seems happy just to be noticed and is like putty in her hands.

There’s a lesson in there somewhere – I’m just not sure what it is.
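The lesson, in code rather than metaphor: the guard never checks whether what walks in is a visitor or an instruction. This is an added example, not from the original post, using Python's built-in sqlite3 with a constructed in-memory `users` table (table name, rows and function names are assumptions for illustration). The first lookup pastes the input field straight into the SQL text; the second binds it as a parameter, so the database only ever sees it as a value.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users, kept entirely in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff")],
    )
    return conn


def lookup_unsafe(conn, name):
    """The sleepy guard: the input field becomes part of the SQL statement,
    so the database cannot tell where the data ends and the command begins."""
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    """The guard who checks ID: the value is bound as a parameter and is
    never parsed as SQL, whatever characters it contains."""
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "alice"))  # ['alice']
    print(lookup_safe(db, "alice"))    # ['alice']
    # A quote in the input changes the meaning of the concatenated statement
    # but is just an odd username to the parameterised one.
    print(lookup_unsafe(db, "' OR '1'='1"))  # ['alice', 'bob']
    print(lookup_safe(db, "' OR '1'='1"))    # []
```

Running it shows the same input returning every row from the concatenated query and nothing from the parameterised one; that difference is the whole reason parameterised queries are the standard fix.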
