SQLi Hall-of-Shame

Welcome to the SQL Injection Hall-of-Shame
In this day and age it’s ridiculous how frequently large organizations are falling prey to SQL Injection (SQLi), which is almost totally preventable, as I tell people all the time as part of my day job at Parasoft and have written about previously.

Note that this is a work in progress. If I’ve missed something you’re aware of please let me know in the comments at the bottom of the page or on Twitter.

Don’t let this happen to you! For some simple tips see the OWASP SQL Injection Prevention Cheat Sheet. For more security info check out the security resources page and the books SQL Injection Attacks and Defense and Basics of SQL injection Analysis, Detection and Prevention: Web Security.

SQLi Attacks

48 comments to “SQLi Hall-of-Shame”
  1. Pingback: SQL Injection Hall of Shame updated - The Code Curmudgeon

  2. Pingback: SQL Injection is So "2000-and-Late" - The Code Curmudgeon

  3. Pingback: Episode 4 – OWASP and You!

  4. Pingback: Estándares de configuración segura (hardening) en PCI DSS - PCI HispanoPCI Hispano

  5. Pingback: 5 Website Security Checks: Are you at risk? - Server Density Blog

  6. Pingback: Die 10 katastrophalsten Sicherheitslücken – Teil 1 › PSW GROUP Blog

  7. Pingback: SQL Injection Hall-Of-Shame / Internet-of-Things Hall-Of-Shame « Another Word For It

  8. Pingback: Les injections SQL | securitywatchblog

  9. Pingback: Five Reasons Why You Should Care About Application Security | AppSecure Labs

  10. Pingback: Securing the SDLC – InfoSec News

  11. Pingback: SQL Injection - A Pain That's Not Going Anywhere - The New Developer

  12. Pingback: Blog do Laboratório de Investigação » Blog Archive » Veja as principais ameaças para as startups

  13. Pingback: Website Security | Frank DeCaire

  14. Pingback: Russian hacker Rasputin breaches over 60 Universities and Government Agencies – sec.uno

  15. Pingback: Russian hacker Rasputin breaches over 60 Universities and Government Agencies – Jighi Blog

  16. Pingback: Block SQL injections, not your customers - Sqreen Blog | Application Security For Developers

  17. Pingback: Russian-Speaking Hacker Sells SQLi for Unauthorized Access to Over 60 Universities and Government Agencies ~ CrackWare

  18. Pingback: A Closer Look: OWASP Top 10 Application Security Risks

  19. Pingback: The OWASP Top 10 is killing me, and killing you! | HPE – Startupon.net

  20. Pingback: The OWASP Top 10 is killing me – L Technology Group

  21. Pingback: A Closer Look: OWASP Top 10 2017 – Application Security Risks – Devasted Blog

  22. Pingback: A Closer Look: OWASP Top 10 2017 – Application Security Risks - Security Boulevard

  23. Pingback: SQL Injection Protection in Cloud Systems

  24. Pingback: A Panoply of SQL Injection Horrors | Mitigated Frenzy

  25. Pingback: Checkmarx Understanding Application Security Vulnerabilities: Part One - Checkmarx.com

  26. Pingback: Understanding Application Security Vulnerabilities: Part One

  27. Pingback: SQL injection and CFML 101 – Marcus Fernstrom

  28. Pingback: Why is my stored proc slow in .Net? | esotechnica

  29. Pingback: Understanding Application Security Vulnerabilities: Part One

  30. Pingback: Not Entirely Parameterized Dynamic SQL – Erik Darling Data

  31. Pingback: SQL injection - SQL Server Fast

  32. Pingback: 每周分享第 43 期

  33. Pingback: Top website security threats and how to protect your site from attack – Technology Revolution

  34. Pingback: Not Entirely Parameterized Dynamic SQL | Erik Darling Data

  35. Pingback: Just Using sp_executesql Doesn't Make Dynamic SQL Safe To Use | Erik Darling Data

  36. Pingback: Starting SQL: What Are Parameters Made Of? | Erik Darling Data

  37. Pingback: Starting SQL: What Happens When You Don't Parameterize Queries? | Erik Darling Data

  38. Pingback: Almost 17 Years of SQL Injection, Are We Done Yet? - Geek Speak - Resources & Events - THWACK

  39. Pingback: Combating SQL Injection | SQL Solutions Group

  40. Pingback: Security insights from a cyber-aware software development team | Redscan

  41. Pingback: Software Vendor Mistakes With SQL Server: Writing Unsafe Dynamic SQL – Erik Darling Data

  42. Pingback: SQL Injections and Election Security - Parasoft

  43. Pingback: Starting SQL: What’s The Difference Between Parameters And Local Variables In SQL Server? – Erik Darling Data

  44. Pingback: Starting SQL: What Happens When You Don’t Parameterize SQL Server Queries? – Erik Darling Data

  45. Pingback: Different Ways To Parameterize Queries In SQL Server – Erik Darling Data
