CypherCon 2023
SQL Injection: A history' OR 1=1; --
Will McCardell
Abstract:
SQL injection is one of the best-known application vulnerabilities, and one of the first taught to newcomers to the industry because the attack is simple and its impact can be large. The damage it causes is often severe; it has even been used to wipe out debts owed to governments. For 8 years, SQL injection was ranked among the most critical web application vulnerabilities by OWASP, the leading organization for web application security. But in 2021, OWASP dropped SQL Injection's rank two places, reflecting changes in the industry that reduced both the frequency and the impact of the vulnerability.
What is SQL injection, and how did we get to this point? This talk will go over the history of SQL injections: their origins; big hacks caused by SQL injections (including those whose effects are still felt today); the paradigm shifts that signal the twilight era of SQL injections; and how current trends are affecting the impact of these vulnerabilities. We’ll also discuss NoSQL injections and what the future holds for SQL injections.
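As an added illustration that is not part of the talk abstract, the payload from the title is run against a constructed in-memory SQLite table twice: once through the string-concatenated query pattern that makes the injection possible, and once through a bound parameter, which is the fix the industry shift described above made standard. Table contents, column names and function names are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample rows; any resemblance to real users is accidental.
USERS = [("alice", "pw1"), ("bob", "pw2"), ("carol", "pw3")]

# The input from the talk's title.
PAYLOAD = "' OR 1=1; --"


def make_db():
    """Create a throwaway in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_sql(name):
    """Classic injectable pattern: untrusted input pasted into the SQL text."""
    return "SELECT name FROM users WHERE name = '" + name + "'"


def lookup_vulnerable(conn, name):
    """The quote in the payload closes the literal, OR 1=1 matches every row,
    and -- comments out the trailing quote, so the whole table comes back."""
    return sorted(row[0] for row in conn.execute(build_vulnerable_sql(name)))


def lookup_parameterized(conn, name):
    """The SQL text is constant; the driver binds the value as data, so the
    payload is compared against the name column and matches nothing."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def demo():
    """Run both lookups with the payload and a legitimate name."""
    conn = make_db()
    return {
        "sql_seen_by_db": build_vulnerable_sql(PAYLOAD),
        "vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "parameterized": lookup_parameterized(conn, PAYLOAD),
        "legit": lookup_parameterized(conn, "alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```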
Will McCardell
Drop tables =)