Falling victim to an SQL injection attack likely indicates the company’s system was old or not kept up to date, says Jonn Callahan, principal application security consultant at the security firm nVisium.

“Modern frameworks, when properly utilized, almost completely remove SQL injection as a vulnerability,” he says. “There are some edge cases where these protections do not apply, but simple input validation against an expected list of values is all that’s required to mitigate them. Due to both of these factors, SQL injection is a much more rare vulnerability in the modern appsec landscape.”

Read full article here