34
you are viewing a single comment's thread
view the rest of the comments
[-] vk6flab@lemmy.radio 4 points 3 months ago

So how does that SQL statement make it into the database in the first place?

[-] bamboo@lemmy.blahaj.zone 2 points 3 months ago

I'd imagine that would depend on the deployment and environment. Chaining exploits is not unheard of. Maybe a lazy dev figured it's easier to stop a devastating SQL injection by just restricting the permissions of the client connecting. Or maybe you have an intern with malicious intentions to destroy your company, but you only gave them read access to the database so you assume they can't drop tables.

Basically taking the Swiss Cheese Model approach, there may be security gaps in the front line but as long as subsequent lines of defense don't also have big holes, the risk is minimized.

this post was submitted on 13 Aug 2024
34 points (100.0% liked)

Cybersecurity

5754 readers
91 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS