Safeguard
Tag

sql-injection

Safeguard articles tagged "sql-injection" — guides, analysis, and best practices for software supply chain and application security.

45 articles

Application Security

PHP code security fundamentals: injection, deserialization, and file inclusion

PHP still powers over 70% of server-side websites, and its three oldest vulnerability classes — injection, deserialization, and file inclusion — remain the most common findings in 2026.

Jul 8, 20267 min read
Application Security

Preventing SQL Injection with Entity Framework

EF Core parameterizes every standard LINQ query by default — the real injection risk lives in three raw-SQL escape hatches Microsoft documents but developers still misuse.

Jul 8, 20266 min read
Best Practices

Parameterized queries across languages: the real defense against SQL injection

SQL injection (CWE-89) still ranks #3 on the OWASP Top 10, but every major language has shipped a native, built-in fix for over a decade — most breaches happen anyway.

Jul 8, 20267 min read
Application Security

Preventing SQL injection in Node.js applications

CWE-89 is a 25-year-old bug class, but Node's template literals make it trivially easy to reintroduce in mysql2, pg, and even Sequelize's raw-query escape hatch.

Jul 7, 20267 min read
Security Guides

Java SQL Injection Prevention: Parameterized Queries and Beyond

SQL injection is decades old and still breaching Java apps. Here's how to prevent it with prepared statements, JPA binding, and safe dynamic queries.

Jul 5, 20265 min read
Vulnerability Analysis

MOVEit Transfer (CVE-2023-34362) Explained: The SQL Injection Behind the Cl0p Mass Breach

CVE-2023-34362 is a SQL injection in Progress MOVEit Transfer that let unauthenticated attackers reach the database and drop a web shell. Cl0p used it to breach thousands of organizations.

Jul 5, 20265 min read
Security Guides

Preventing SQL Injection in .NET with Entity Framework Core

How SQL injection still happens in Entity Framework Core apps, which EF Core APIs are safe by default, which ones aren't, and the exact patterns that keep raw SQL parameterized.

Jul 3, 20266 min read
Security Guides

SQL Injection in Go: Why database/sql Is Safe Until You Reach for Sprintf

database/sql gives Go parameterized queries for free — yet SQL injection still ships in Go services through dynamic query building, ORM escape hatches, and misused identifiers. Here's the line you can't cross.

Jul 3, 20266 min read
Security Guides

Preventing SQL Injection in Python

SQL injection is decades old and still ships to production. In Python it almost always comes down to one habit: building query strings instead of passing parameters.

Jul 3, 20265 min read
Security Guides

Rails Security Best Practices: Strong Parameters, SQL, and Gems

Rails ships secure defaults, but mass assignment, string-interpolated SQL, and unvetted gems still cause real breaches. Here is how to hold the line.

Jul 3, 20265 min read
Security Guides

OWASP A03: Injection Explained — A Deep-Dive Guide

Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.

Jul 2, 20266 min read
Application Security

SQL injection cheat sheet: 8 best practices to prevent it

SQL injection still breaches Fortune 500s in 2026. Here are 8 concrete practices — from parameterized queries to reachability analysis — that actually stop it.

May 31, 20267 min read
sql-injection — Safeguard Blog