SQL Injection: Common but Lethal


You ask a user for a username or ID through an input box in your front-end web application. The user supplies an SQL statement containing malicious code instead. Because the input box feeds queries that run under your database account, the malformed SQL statement tricks your database into providing greater access to information than you intended. You have unknowingly become the victim of an SQL injection attack, and your data may have been compromised.

SQL injections are a top attack vector, accounting for 19% of security breaches, according to the Web Hacking Incidents Database (WHID). They have been around for 20 years, and are only getting more sophisticated thanks to Google searches and automated bots.

Unless you have the right defense in place, your database will remain vulnerable to attacks that attempt to either steal information or launch further attacks.
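The username scenario above, as an added example that is not part of the original post: a lookup built by string concatenation next to its parameterized form, run against a constructed in-memory SQLite table. The table, its rows and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return db

def lookup_vulnerable(db, username):
    # BEFORE: the input is pasted into the SQL text, so the database
    # parses whatever the user typed as part of the statement.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # AFTER: the ? placeholder binds the input as a value. It is compared
    # against the column and is never parsed as SQL.
    query = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def compare(db, username):
    # Return (rows from the vulnerable form, rows from the parameterized form).
    # A syntax error in the concatenated query is reported as the string "error".
    try:
        unsafe = lookup_vulnerable(db, username)
    except sqlite3.OperationalError:
        unsafe = "error"
    return unsafe, lookup_parameterized(db, username)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, input carrying SQL, and a name
    # that merely contains an apostrophe.
    for value in ["alice", "alice' OR '1'='1", "o'brien"]:
        unsafe, safe = compare(db, value)
        print(repr(value), "| concatenated:", unsafe, "| parameterized:", safe)
```

The concatenated query returns every row for the second input and fails outright on the third, while the parameterized query treats both as plain strings that match no user.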

 

