Today I came across a website that seemed quite interesting. There was a search function on the page that indicated that I could access the database via some simple commands that manipulate the SQL code to forget what it is set to do and care about my commands instead.
My assumptions were correct; the website and database were exposed to SQL-Injection.
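The search-box flaw described above, as an added example that is not code from the post or from the site it mentions: a small Python/sqlite3 search function that pastes the user's term into the SQL text, next to the parameterised version, both run over a constructed in-memory table. The table, rows and search terms are made up for the demonstration.

```python
import sqlite3

# Constructed sample data: an in-memory catalogue standing in for the site's database.
PRODUCTS = [
    ("O'Reilly Python Cookbook", 39),
    ("Rust in Action", 45),
    ("SQL Antipatterns", 30),
]


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """The pattern the post describes: the search term is pasted into the SQL text.
    The database parser cannot tell where the developer's SQL ends and the user's
    input begins, so any quote in the input changes the statement itself."""
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """The fix: a parameterised query. The SQL text is fixed before any input is
    seen and the term travels separately as data, whatever characters it holds."""
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


def demo(term: str) -> dict:
    """Run both variants on the same input and report what each one did."""
    conn = make_db()
    result = {"safe": search_safe(conn, term)}
    try:
        result["vulnerable"] = search_vulnerable(conn, term)
    except sqlite3.OperationalError as exc:
        # A syntax error here is the tell-tale sign: the term was parsed as SQL,
        # which is exactly the condition an attacker needs.
        result["vulnerable"] = f"SQL error: {exc}"
    return result


if __name__ == "__main__":
    # A plain term behaves the same in both; a term with a quote only works safely.
    for term in ("Rust", "O'Reilly"):
        print(term, "->", demo(term))
```

A real search field receives arbitrary text, so the quote in a perfectly legitimate name is enough to show that the first version lets input reach the SQL parser; the second version returns the matching row instead.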
We are in 2021 and SQL-Injection is still in first place on OWASP’s top ten list.
There are probably several reasons for this, but I can imagine that the two most important ones are:
**Too little focus / lack of information on secure coding**
- The programmer has little or no focus on security, which means that the page and the database are exposed to SQL-Injection.
- When the programmer learned the language with the help of guides on the internet, or at school, there was little focus on this. Guides on the internet quite often give only a straightforward walkthrough that does not cover the security aspect of programming.
**Old web pages**
- Old web pages that were created before security was a thing on the internet, and then forgotten.
I highly recommend this site to learn more about secure coding; feel free to share it: https://developer.okta.com/blog/2020/06/15/sql-injection-in-php