sql-injection
Safeguard articles tagged "sql-injection" — guides, analysis, and best practices for software supply chain and application security.
45 articles
PHP code security fundamentals: injection, deserialization, and file inclusion
PHP still powers over 70% of server-side websites, and its three oldest vulnerability classes — injection, deserialization, and file inclusion — remain the most common findings in 2026.
Preventing SQL Injection with Entity Framework
EF Core parameterizes every standard LINQ query by default — the real injection risk lives in three raw-SQL escape hatches Microsoft documents but developers still misuse.
Parameterized queries across languages: the real defense against SQL injection
SQL injection (CWE-89) still ranks #3 on the OWASP Top 10, but every major language has shipped a native, built-in fix for over a decade — most breaches happen anyway.
Preventing SQL injection in Node.js applications
CWE-89 is a 25-year-old bug class, but Node's template literals make it trivially easy to reintroduce in mysql2, pg, and even Sequelize's raw-query escape hatch.
Java SQL Injection Prevention: Parameterized Queries and Beyond
SQL injection is decades old and still breaching Java apps. Here's how to prevent it with prepared statements, JPA binding, and safe dynamic queries.
MOVEit Transfer (CVE-2023-34362) Explained: The SQL Injection Behind the Cl0p Mass Breach
CVE-2023-34362 is a SQL injection in Progress MOVEit Transfer that let unauthenticated attackers reach the database and drop a web shell. Cl0p used it to breach thousands of organizations.
Preventing SQL Injection in .NET with Entity Framework Core
How SQL injection still happens in Entity Framework Core apps, which EF Core APIs are safe by default, which ones aren't, and the exact patterns that keep raw SQL parameterized.
SQL Injection in Go: Why database/sql Is Safe Until You Reach for Sprintf
database/sql gives Go parameterized queries for free — yet SQL injection still ships in Go services through dynamic query building, ORM escape hatches, and misused identifiers. Here's the line you can't cross.
Preventing SQL Injection in Python
SQL injection is decades old and still ships to production. In Python it almost always comes down to one habit: building query strings instead of passing parameters.
Rails Security Best Practices: Strong Parameters, SQL, and Gems
Rails ships secure defaults, but mass assignment, string-interpolated SQL, and unvetted gems still cause real breaches. Here is how to hold the line.
OWASP A03: Injection Explained — A Deep-Dive Guide
Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.
SQL injection cheat sheet: 8 best practices to prevent it
SQL injection still breaches Fortune 500s in 2026. Here are 8 concrete practices — from parameterized queries to reachability analysis — that actually stop it.