Safeguard
Tag

database-security

Safeguard articles tagged "database-security" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Security Guides

Preventing SQL Injection in Python

SQL injection is decades old and still ships to production. In Python it almost always comes down to one habit: building query strings instead of passing parameters.

Jul 3, 20265 min read
Vulnerabilities

SQL Injection Prevention Cheat Sheet

A practitioner's SQL injection cheatsheet: parameterized queries, safe ORM use, input validation, least privilege, and the exact patterns to ban in review.

Apr 22, 20256 min read
Vulnerabilities

SQL Injection Examples: Classic and Modern Attack Patterns

Real SQL injection examples from classic login bypass to blind, time-based, and ORM-era attacks, plus how to test for each one safely.

Jun 4, 20246 min read
Code Security

SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It

SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.

Oct 22, 20227 min read
Infrastructure Security

Database Extensions as Supply Chain Risk: The Overlooked Attack Surface

PostgreSQL extensions, MySQL plugins, and database add-ons run with database-level privileges. A compromised extension has direct access to your data. Most organizations never audit them.

Sep 28, 20225 min read
Application Security

NoSQL Injection and MongoDB: Prevention Guide

NoSQL injection attacks exploit the query languages of non-relational databases to bypass authentication, extract data, and modify records. This guide focuses on MongoDB injection with defenses applicable to all NoSQL databases.

Aug 5, 20226 min read
database-security — Safeguard Blog