4.1 Injection Attacks = Child’s Play

Injection-based attacks have been the number one security risk to web apps since 2010. Why is injection at the top? For one, hackers discover vulnerable sites with little effort. Tools like Havij and Shodan make injection attacks child’s play. The potential impact of injection-based attacks, especially SQL injection, is severe. SQL injection vulnerabilities allow hackers to circumvent security controls and run arbitrary scripts against the database. These scripts might steal data, destroy data, create a backdoor, or all of the above. Despite awareness of injection risks, organizations have trouble eliminating the threat. The news articles featured in the GIF below were all written in the last two years. They are a few examples of SQL injection that I found interesting.

Large organizations like Cisco, Instagram, and Texas.Gov have discovered injection vulnerabilities since 2018. The MySQL and PostgreSQL projects write source code for database systems, and even they are not immune.