OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective

In case you missed it, injection claimed the number 3 spot in OWASP's updated Top 10 application security risks for 2021. Today, I'm going to highlight some of the reasons why injection is such a formidable threat, despite it falling two spaces from the number 1 slot on OWASP's 2017 list.

But before we begin, I'd like to start off with a short but true story of how I got here.

The 3 letters that changed my life

A few decades ago, back in my web development days, I was working on a community-type website. This was post-MySpace and pre-Facebook — so yeah, that long ago. Back then, CMSs like WordPress and Joomla were just taking off but still all the rage. So with the LAMP stack complete and the CMS deployed, it was time to install the community component for the website. There weren't many third-party solutions available back then — so when I found a component that offered individual profiles, message boards, picture uploads, AND a chat, I jumped on it.

A few days into getting the website configured and running, I noticed another admin user in the DB. My first thought was, "I don't remember creating a second admin account," and my second thought was, "Oh no, I've been hacked."

Turns out the latter was true. Not even a week into building the website, it was hacked.

Now, any sane developer would have immediately torn down the server, scrambled for backups, searched for a different hosting provider, and started over. But not me — I needed to know how this happened. So I went straight to the horse's mouth: I asked the person ..