cwe-89
Safeguard articles tagged "cwe-89" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Parameterized queries across languages: the real defense against SQL injection
SQL injection (CWE-89) still ranks #3 on the OWASP Top 10, but every major language has shipped a native, built-in fix for over a decade — most breaches happen anyway.
Preventing SQL injection in Node.js applications
CWE-89 is a 25-year-old bug class, but Node's template literals make it trivially easy to reintroduce in mysql2, pg, and even Sequelize's raw-query escape hatch.
SQL Injection in Go: Why database/sql Is Safe Until You Reach for Sprintf
database/sql gives Go parameterized queries for free — yet SQL injection still ships in Go services through dynamic query building, ORM escape hatches, and misused identifiers. Here's the line you can't cross.
What is SQL Injection (SQLi)
SQL injection (CWE-89) lets attackers rewrite database queries via untrusted input — here's how SQLi works, its types, severity, and how to prevent it.
How Does SQL Injection Work
A technical walkthrough of how SQL injection works, the main attack variants, real breaches it caused, and how to detect and prevent it.
SQL injection: a complete developer's guide
A developer's guide to SQL injection: how it works, why CWE-89 still ranks in MITRE's Top 25, real breaches, and how to detect and fix it.