SQL injection, or SQLi, is one of the least sophisticated web application security attacks that can give an adversary complete control over your web application database. Immortalized by “Little Bobby Drop Tables” in XKCD 327, SQLi was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists injection as the number one threat to web application security.
The good news? SQL injection is the lowest of the low-hanging fruit for both attackers and defenders. SQLi isn’t some cutting edge NSA Shadow Brokers kit, it’s so simple a three-year old can do it. This is script kiddie stuff–and fixing your web application to mitigate the risk of SQLi is so easy that failure to do so looks more and more like gross negligence.