SQL injection (SQLi) is one of the most common ways of compromising an application. The Open Web Application Security Project (OWASP) is a nonprofit organization focused on application security: it raises awareness, trains people, and helps organizations secure their applications. In its Top 10 list of application security risks, injection, with SQLi as the leading example, is listed as a top threat. According to Akamai's Q4 2017 State of the Internet / Security Report, SQLi attacks in 2017 rose by about 62% over the previous year. Web applications are the primary targets of SQLi attacks.
Following are some data breaches from 2017 that are commonly cited in discussions of SQLi (note that not all of them were actually caused by SQL injection):
- DaFont.com suffered a breach in which an attacker found an SQL injection vulnerability and used it to extract email addresses and passwords. You can read more about it at: Font sharing site DaFont has been hacked, exposing thousands of accounts.
- Cloudflare was another widely reported case. A bug in Cloudflare's edge servers (known as Cloudbleed) leaked fragments of server memory, including passwords and authentication tokens belonging to sites behind Cloudflare, into responses served to unrelated clients. This was a memory-safety bug rather than an SQL injection, but it illustrates the kind of data exposure at stake. You can read more about it at: Serious Bug Exposes Sensitive Data From Millions Sites Sitting Behind CloudFlare.
- Attackers also breached the U.S. Securities and Exchange Commission (SEC) through a software vulnerability in its EDGAR filing system, gaining access to non-public information that may have been used for illicit trading. You can read more about it at: SEC admits data breach, suggests illicit trading was key.