It's understandable that newly discovered application vulnerabilities get a lot of hype and attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of recent years, is SQL injection.

According to Veracode research, SQL injection ranks among the 10 most common vulnerabilities — approximately one-third of applications have at least one SQL injection vulnerability. Fortunately, SQL injection vulnerabilities are eminently preventable. The SQL injection infographic below gives a simple explanation of how SQL injection works, along with some examples of recent attacks, and sample code with a SQL injection vulnerability. Most importantly, the infographic offers advice for developers and security professionals on how to prevent SQL injection flaws.

You can download the infographic PDF as a reference. And for more information about common vulnerability types, including SQL injection, browse the Veracode web application vulnerabilities knowledgebase.


About John Zorabedian

John Zorabedian is a blogger and copywriter at Veracode. He has a background in marketing and journalism, writing about IT security, technology, business, politics and culture. He lives and works in the Boston area.

Comments (1)

Mans | February 9, 2017 6:41 am

I need one clarification. As you have mentioned, using least privileges we can mitigate the SQL vulnerabilities. My question is, say for example a user tries to update his mobile number or email ID; definitely the corresponding flow should have the option to update the data in the DB, then obviously we need to provide write permission to the user. How can we take care of those scenarios?
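An added example, not from the post or the infographic, that shows the two points above in Python with the standard library's sqlite3 module: the string-built query beside its parameterized replacement, and, for the question raised in the comment, a least-privilege policy under which the contact-update flow can still write a user's own email and phone while every other kind of write is refused. SQLite has no GRANT, so the connection's authorizer hook stands in for the role permissions you would configure on a server database; the table, the sample rows and the `' OR '1'='1` test input are constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the page).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com", "555-0100", "hash-a"),
    (2, "bob", "bob@example.com", "555-0101", "hash-b"),
]

# Columns the contact-update flow may write; every other write is denied.
CONTACT_COLUMNS = {"email", "phone"}


def build_demo_db():
    """Create and seed an in-memory users table. This is the administrative
    step, done before the least-privilege policy is attached."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, phone TEXT, password_hash TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """Vulnerable: the username is pasted into the SQL text, so a quote
    character in it changes the meaning of the WHERE clause."""
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user(conn, username):
    """Fixed: a parameterized query. The driver binds the value separately
    from the SQL text, so it is only ever treated as data."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def contact_service_authorizer(action, arg1, arg2, dbname, trigger):
    """Least-privilege policy for the contact-update feature (stands in for
    GRANT on a server RDBMS): transactions and reads are allowed, except
    reads of password_hash; UPDATE is allowed only on the contact columns
    of users; DELETE, DROP, INSERT and everything else is refused."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        return sqlite3.SQLITE_DENY if arg2 == "password_hash" else sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_UPDATE and arg1 == "users" and arg2 in CONTACT_COLUMNS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def as_contact_service(conn):
    """Restrict a connection to the contact-service policy."""
    conn.set_authorizer(contact_service_authorizer)
    return conn


def update_contact(conn, user_id, email, phone):
    """The legitimate write the comment asks about: parameterized and scoped
    to one row and two columns. Returns the number of rows changed."""
    cur = conn.execute(
        "UPDATE users SET email = ?, phone = ? WHERE id = ?", (email, phone, user_id)
    )
    conn.commit()
    return cur.rowcount


def try_statement(conn, sql):
    """Run a statement and report whether the policy allowed it."""
    try:
        conn.execute(sql)
        return "allowed"
    except sqlite3.DatabaseError as exc:  # 'not authorized' arrives as DatabaseError
        return f"denied: {exc}"


def demo():
    conn = build_demo_db()
    payload = "' OR '1'='1"  # constructed test input, not a real username
    unsafe_rows = find_user_unsafe(conn, payload)  # the clause is always true: every user
    safe_rows = find_user(conn, payload)  # no user has that literal name: nothing
    svc = as_contact_service(conn)
    changed = update_contact(svc, 1, "alice@new.example", "555-0199")  # permitted write
    return {
        "unsafe_rows": len(unsafe_rows),
        "safe_rows": len(safe_rows),
        "contact_update": changed,
        "delete": try_statement(svc, "DELETE FROM users"),
        "password_update": try_statement(svc, "UPDATE users SET password_hash = 'x' WHERE id = 1"),
        "password_read": try_statement(svc, "SELECT password_hash FROM users"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two controls are complementary rather than interchangeable: parameterization is what stops the injected input from altering the query, while the narrow permission set limits what an account can do if a query is still built unsafely somewhere. The write permission the commenter is worried about is granted to the application's database identity for exactly the columns that feature needs, not to the end user, and the row is chosen by the server-side session's user id, never by a value taken from the request unchecked.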
