SQL injection: when a prepared statement is not enough...

Posted by Nanne Baars

An SQL injection attack consists of the insertion, or "injection", of malicious data into an SQL query via input sent from the client to the application. In our example project we have a small Spring Boot based blog application. This application exposes an endpoint to fetch blog articles based on the author:

When we call the endpoint, we will receive:

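As an added illustration of the injection the excerpt describes, and not code from the Spring Boot project the post is about, the following Python sketch builds the same "articles by author" lookup two ways against an in-memory SQLite table: once by concatenating the request parameter into the query text, and once with a bound parameter. The table, its rows, the author names and the sample payload are all constructed here; `ARTICLES`, `setup_db` and the other names are this example's own.

```python
import sqlite3

# Constructed sample data standing in for the blog's article table.
ARTICLES = [
    ("Prepared statements", "nanne"),
    ("Spring Boot basics", "nanne"),
    ("Draft: unpublished", "admin"),
]


def setup_db():
    """Create an in-memory database with the constructed article rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (title TEXT, author TEXT)")
    conn.executemany("INSERT INTO article VALUES (?, ?)", ARTICLES)
    return conn


def articles_by_author_vulnerable(conn, author):
    """Request parameter concatenated into the SQL text.

    Quote characters in the input are parsed as SQL syntax rather than
    as part of the author value, so the input can change the query.
    """
    sql = "SELECT title FROM article WHERE author = '" + author + "'"
    return [row[0] for row in conn.execute(sql)]


def articles_by_author_prepared(conn, author):
    """Same lookup with the value bound as a parameter.

    The SQL text is fixed at compile time; whatever the client sends is
    only ever compared as a string against the author column.
    """
    sql = "SELECT title FROM article WHERE author = ?"
    return [row[0] for row in conn.execute(sql, (author,))]


def has_sql_metacharacters(value):
    """Cheap detection check for a request filter or access-log scan.

    It flags input for review; it is not a substitute for parameter
    binding and must not be used to "sanitise" the value.
    """
    return any(tok in value for tok in ("'", "--", ";", "/*"))


def demo():
    """Run both lookups with a constructed quote-bearing author value."""
    conn = setup_db()
    payload = "x' OR '1'='1"  # constructed demonstration input
    return {
        "vulnerable": articles_by_author_vulnerable(conn, payload),
        "prepared": articles_by_author_prepared(conn, payload),
        "flagged": has_sql_metacharacters(payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The concatenated form returns every row, including the one belonging to another author, because the input rewrote the `WHERE` clause; the bound form returns nothing, since no author is literally named `x' OR '1'='1`. The detection helper is there for logging and alerting only: the fix is the parameter binding, not the filter.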