What can injection attacks cause?
- Denial of service
- Data loss
- Data disclosure
When is your application HIGHLY vulnerable to an injection attack?
When your application has been created using a language that does not have a clear distinction between code and data.
What is the character that is most likely used for SQL injection attacks?
Single quote (')
So how do we mitigate SQL injections?
- Prepared statements with parameterized queries
- White list input validation
- Escaping user inputs