Showing posts from November, 2022

SQL Injection Attack

A SQL injection is a security attack that is as dangerous as it is ingenious. By abusing the data input mechanisms of an application, an attacker can manipulate the generated SQL query to their advantage, which can cause catastrophic events.

Many people today might consider SQL injections a thing of the past. In truth, they’re anything but. For instance, 70% of the security exploit attempts on Rails apps analyzed in Sqreen’s State of Application Security Report were SQL injections. This finding shows that even a robust framework such as Ruby on Rails, which counts on a tried-and-true ORM in the form of Active Record, is not a silver bullet when it comes to SQL injections. SQL injection is still at the top of the list of most common security threats to web apps, and it has been there for quite a while.

What are organizations supposed to do to avoid this problem, then? Education is the key. And that’s what this post is about: educating people about not only ...