50 Ways to Inject Your SQL, In Harmony (Sort Of Anyway)
Paco, I love your creativity, but seriously dude, don't give up your day job. Paul Simon you aren't, although the melodious one does break through a time or two -- but nowhere near 50 times.

For those of you wondering who Paco is and what I'm talking about, well, Paco is a Technical Manager at the security firm Cigital, and what I'm talking about is his very funny -- and highly instructional -- parody of Paul Simon's "50 Ways to Leave Your Lover." Paco's twist, however, is "50 Ways to Inject SQL," a lyrical examination of the security problem that exploits vulnerabilities in the database layer of applications.

SQL injection is a vulnerability present when user input embedded in SQL statements is incorrectly filtered for string literal escape characters, or is not strongly typed before it is executed. SQL injections can happen when you embed one programming or scripting language inside another. What's surprising is that SQL injection was "discovered" more than 10 years ago, yet it is still an issue. In fact, automated SQL injection attacks are increasing in number. Paco's parody reminds us that SQL injection is still a problem and something we need to be careful about.

All kidding aside, nice job Paco, and thanks for the reminder. But don't let go of the day job.
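The two defects the post names, an unescaped string literal and a value that is not strongly typed, side by side with their fixes. This is an added example, not code from the post or from Cigital; it uses Python's standard sqlite3 module and a constructed in-memory table.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration, not from any real system.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("O'Brien",)])
    conn.commit()
    return conn

def lookup_concat(conn, name):
    # Vulnerable: the user-supplied string is spliced into the SQL text, so a
    # quote character in the input terminates the literal early and the rest
    # of the input is parsed as SQL rather than as data.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, name):
    # Hardened: the statement and the value travel separately; the driver
    # binds the value as data whatever characters it contains.
    return conn.execute("SELECT id, name FROM users WHERE name = ?",
                        (name,)).fetchall()

def lookup_by_id(conn, raw_id):
    # Strong typing: convert (and thereby validate) the input before it gets
    # anywhere near the query, then bind it as a parameter as well.
    user_id = int(raw_id)  # raises ValueError for anything non-numeric
    return conn.execute("SELECT name FROM users WHERE id = ?",
                        (user_id,)).fetchall()

def demo():
    # A legitimate name containing an apostrophe is enough to show the
    # difference: concatenation breaks the statement, binding does not.
    conn = make_db()
    results = {}
    try:
        results["concat"] = lookup_concat(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        results["concat"] = "error: " + str(exc)
    results["param"] = lookup_param(conn, "O'Brien")
    return results

if __name__ == "__main__":
    print(demo())
```

The concatenated version fails on an ordinary Irish surname; the same mechanism is what lets a hostile input change the statement's meaning instead of merely breaking it.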