How Was SQL Injection Discovered?

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

SQL injection has become the scourge of the Internet era. Year after year, it is cited as one of the top security vulnerabilities on the Internet, responsible for countless data breaches.

Jeff Forristal, also known by the alias Rain Forrest Puppy, was one of the first people to ever document SQL injection. Forristal, now the CTO of mobile security vendor Bluebox Security, wrote the first public discussion about it, back in 1998.

In a video interview with eSecurity Planet, Forristal discusses how he chose his alias and how he first came across SQL injection.

Back in December of 1998, Forristal was writing about how to hack a Windows NT server and found something out of the ordinary. At that time in the late 1990s, few websites were using full Microsoft SQL server databases, he said. Instead many used simple Microsoft Access-based databases.

“I can completely change the way SQL works,” Forristal said. “At that point, there were no real security properties fronting a database.”

Even after all these years, Forristal is not surprised that SQL injection remains a large security concern.

“Certainly [SQL injection] is still there,” Forristal said. “From the perspective that it’s still prolific, yeah it’s an interesting problem, but core vulnerability classes are prolific in many places anyway.”

Watch the full video interview with Jeff Forristal below:

Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Sean Michael Kerner Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




Top Cybersecurity Companies

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis