Conversation

We’ve known about SQL injection attacks for a long time. Catch vulnerable code before it’s committed to your codebase. 🔍🔒

0:55

16.7K views

4:01 PM · Dec 29, 2022

Replying to

Irl footage of me catching SQLi ! 🤙😏

GIF

read image description

ALT

Replying to

What happens if the vulnerability is created by the merge commit from the PR to main? Maybe unlikely, but it would be nice to have the scan run on the main branch as part of the deployment pipeline, not only on PR branches.

Replying to

When will it available for pro subscribers?

Maarten Ballintijn

Replying to

Bobby Tables lives!

Replying to

Why not do this check for other types of exploits or viruses? PHP exploits are a good example to catch. And why do you need to press a button to do this? Just mark it on commit.

Replying to

What is a SQL injection?

Information Shrekurity

@infoshrek

Dec 29, 2022

Replying to

@github

I'd argue people stashing secrets and other important bits of information into public repositories is a bigger issue.

Replying to

To prevent Injection Vulnerabilities completely (taint checking or basic scanners aren’t good enough), you must use parameterised queries, and enforce their correct use by requiring a “developer defined string” for the SQL, HTML template, etc … eiv.dev

Dec	JAN	Feb
	02
2022	2023	2024