database-security
Safeguard articles tagged "database-security" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Preventing SQL Injection in Python
SQL injection is decades old and still ships to production. In Python it almost always comes down to one habit: building query strings instead of passing parameters.
SQL Injection Prevention Cheat Sheet
A practitioner's SQL injection cheatsheet: parameterized queries, safe ORM use, input validation, least privilege, and the exact patterns to ban in review.
SQL Injection Examples: Classic and Modern Attack Patterns
Real SQL injection examples from classic login bypass to blind, time-based, and ORM-era attacks, plus how to test for each one safely.
SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It
SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.
Database Extensions as Supply Chain Risk: The Overlooked Attack Surface
PostgreSQL extensions, MySQL plugins, and database add-ons run with database-level privileges. A compromised extension has direct access to your data. Most organizations never audit them.
NoSQL Injection and MongoDB: Prevention Guide
NoSQL injection attacks exploit the query languages of non-relational databases to bypass authentication, extract data, and modify records. This guide focuses on MongoDB injection with defenses applicable to all NoSQL databases.