HolyGhost

#injection

4 posts

Analysis

SQL Injection: When Your Input Becomes the Database's Command

SQL injection turns a login box or search field into a way to read, change, or destroy a database. Here is how it works, the flavours it takes, and the one fix that actually stops it.

10 min read · #sql-injection #web-security #databases
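As an added illustration for this listing (not code from the post above), here is the contrast the teaser points at: the same login lookup built by string concatenation and built with bound parameters, run against a constructed in-memory SQLite table. The user `alice`, her password and the three payload strings are all constructed for the demo; the comment-based and UNION-based payloads assume the target dialect treats `--` as a line comment, which SQLite does.

```python
import sqlite3


def make_db():
    """Constructed sample data: a single user in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation, so the input is parsed as SQL."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql).fetchall()]


def login_parameterized(conn, username, password):
    """Same query with placeholders: the engine compiles the statement first and
    binds the values afterwards, so the input is only ever compared as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password)).fetchall()]


def demo():
    """Runs three classic payloads through both versions and returns the rows."""
    conn = make_db()
    tautology = "' OR '1'='1"                         # makes the WHERE clause true for every row
    comment = "alice' --"                             # comments out the password check
    union = "' UNION SELECT password FROM users --"   # reads a column the query never exposed
    return {
        "honest": login_parameterized(conn, "alice", "correct horse battery"),
        "vulnerable_tautology": login_vulnerable(conn, tautology, tautology),
        "vulnerable_comment": login_vulnerable(conn, comment, "wrong"),
        "vulnerable_union": login_vulnerable(conn, union, "wrong"),
        "parameterized_tautology": login_parameterized(conn, tautology, tautology),
        "parameterized_comment": login_parameterized(conn, comment, "wrong"),
        "parameterized_union": login_parameterized(conn, union, "wrong"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:26} -> {rows}")
```

The three `vulnerable_*` entries each return a row (the UNION one returns the stored password rather than a username), while the three `parameterized_*` entries return nothing: the same bytes that were SQL in one query are a literal string that matches no user in the other. Escaping or filtering quotes is not in the example because it is not the fix; binding is.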
Analysis

Insecure Deserialization: Trusting a Blob of Bytes Too Much

Turning saved data back into live objects sounds harmless. When the data comes from an attacker, it can lead to remote code execution. Here is how insecure deserialization works and how to avoid it.

8 min read · #deserialization #web-security #rce
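As an added illustration for this listing (not code from the post above), the mechanism the teaser describes in Python's `pickle`: a byte stream can name any importable callable and the unpickler will import and call it. The payload here is hand-assembled protocol-0 opcodes constructed for the demo; it calls the harmless `builtins.len` so the call is visible in the return value, where an attacker would name `os.system` and a shell command. Beside it sits the usual hardening: an `Unpickler` subclass whose `find_class` denies every global lookup not on a small allow-list, and the simpler choice of a data-only format.

```python
import io
import json
import pickle

# Constructed payload: GLOBAL builtins.len, MARK, STRING 'pwned', TUPLE, REDUCE, STOP.
# Read aloud: "import len, build the tuple ('pwned',), call len with it". Swap
# `builtins len` for `os system` and 'pwned' for a command and nothing else changes.
MALICIOUS_BLOB = b"cbuiltins\nlen\n(S'pwned'\ntR."

# Constructed benign data of the shape the application actually expects.
BENIGN_BLOB = pickle.dumps({"user": "alice", "roles": ["reader"]})


def load_naive(blob):
    """Vulnerable: trusts the bytes completely and runs whatever they name."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened: every GLOBAL / STACK_GLOBAL opcode resolves through find_class,
    so refusing there by default stops the callable from ever being reached.
    Plain containers (dict, list, str, int) never hit find_class in protocol 4+;
    the allow-list is where the few classes a format genuinely needs would go."""

    ALLOWED = frozenset({("builtins", "set"), ("builtins", "frozenset")})

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_restricted(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def load_json(text):
    """Safer still: JSON has no way to name a callable, so there is nothing to restrict."""
    return json.loads(text)


def demo():
    results = {"naive": load_naive(MALICIOUS_BLOB)}   # 5, because len('pwned') really ran
    try:
        load_restricted(MALICIOUS_BLOB)
        results["restricted"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["restricted"] = str(exc)
    results["restricted_benign"] = load_restricted(BENIGN_BLOB)
    results["json"] = load_json('{"user": "alice", "roles": ["reader"]}')
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:17} -> {value!r}")
```

`load_naive` returns `5`: the unpickler imported `len` and called it with an attacker-chosen argument before the application saw a single object. `load_restricted` raises on the same bytes but still loads the benign dictionary, and `load_json` sidesteps the problem entirely. The allow-list approach only holds if the allowed classes themselves have no dangerous `__reduce__` or `__setstate__` behaviour, which is why a data-only format is the better default when the data crosses a trust boundary.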