SQL injection has been a major security risk since the early days of the internet. Find out what's at risk, and how cybersecurity pros can defend their organizations.

Every API worth using supports them, and yet SQL injection flaws remain in abundance. Commercial software, open source software, custom-developed software—they're all afflicted.

Today’s attack was achieved using “blind SQL injection”, targeting MySQL.com, MySQL.fr, MySQL.de and MySQL.it, but also two Sun domains.

Researchers say a bug let them add fake pilots to rosters used for TSA checks. TSA security could be easily bypassed by using a simple SQL injection technique, say security researchers.