
SQL Injection

Abstract:

The Open Worldwide Application Security Project (OWASP), in an effort to make developers aware of common security vulnerabilities, maintains a webpage defining SQL injection. SQL, or Structured Query Language, is the language software developers use to read, edit, and manage databases. If a website or application is poorly designed, it may be possible for normal users to issue SQL commands to the underlying database. With SQL injection, bad actors can access restricted information, edit database entries, and even delete a database entirely. OWASP provides examples of SQL injection, implores developers to secure their applications against such an attack, then links to several resources that explain how to remedy this vulnerability.

Author:
kingthorin
Domain:
Dimension:
Region:
Data Type:
Keywords:
MIT Political Science
ECIR
GSS