SQL Injection
// Definition
An attack where untrusted input is concatenated into a SQL query, letting an attacker exfiltrate or modify data. Mitigated with parameterised queries and ORM usage. Tested with crafted payloads at every input that reaches the database.
// Why it matters
SQLi lets attacker input alter the query it lands in — reading, modifying, or destroying data, or bypassing auth entirely. QA's role is to probe every input that could reach a query (filters, search, login, sort params) with breaking characters, and to confirm the app uses parameterised queries rather than string-built SQL.
// How to test
// Classic auth-bypass probe — must NOT log in
cy.request({
  method: 'POST',
  url: '/api/login',
  body: { username: "admin' OR '1'='1", password: 'x' },
  failOnStatusCode: false,
}).its('status').should('eq', 401)
// Error-based probe — a single quote must not 500 with a SQL error
cy.request({ url: `/api/search?q=%27`, failOnStatusCode: false })
  .then((res) => expect(res.status).to.not.eq(500))
// Common mistakes
- Testing the login form but not search, sort, filter, or export params
- Treating a generic 500 as "handled" when it leaks a SQL error body
- Assuming an ORM makes you immune (raw fragments and LIKE builders still bite)
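The first two mistakes above can be caught mechanically. The following is an added example, not code from the original page: it sends the page's single-quote probe to every parameter of an endpoint and fails any response that is a 5xx or carries SQL error text in its body. The `sort` and `filter` parameter names, the signature list, and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not the page's own code. The signature list is a constructed,
// non-exhaustive sample of well-known database error strings.
const SQL_ERROR_SIGNATURES = [
  /you have an error in your sql syntax/i, // MySQL / MariaDB
  /syntax error at or near/i,              // PostgreSQL
  /unclosed quotation mark/i,              // SQL Server
  /ORA-\d{5}/,                             // Oracle
  /SQLSTATE\[/,                            // PDO-style driver errors
  /near .{1,60}: syntax error/i,           // SQLite
];

// Fail a response that is a 5xx OR that carries SQL error text in its body,
// whatever the status code says.
function assessProbeResponse(res) {
  const body = typeof res.body === 'string' ? res.body : JSON.stringify(res.body ?? '');
  const findings = [];
  const hit = SQL_ERROR_SIGNATURES.find((re) => re.test(body));
  if (hit) findings.push(`SQL error text in body: ${hit}`);
  if (res.status >= 500) findings.push(`server error ${res.status}`);
  return { ok: findings.length === 0, findings };
}

// One request per parameter, so sort/filter get the same single-quote probe
// as the search box. Parameters not under test keep a benign value.
function buildProbes(endpoint, params, probe = "'") {
  // encodeURIComponent leaves ' unescaped, so encode it explicitly as %27.
  const enc = (v) => encodeURIComponent(v).replace(/'/g, '%27');
  return params.map((target) => {
    const qs = params.map((p) => `${p}=${enc(p === target ? probe : 'a')}`).join('&');
    return { param: target, url: `${endpoint}?${qs}` };
  });
}

// Constructed sample responses (not captured from a real system).
const SAMPLE_RESPONSES = [
  { status: 400, body: { error: 'invalid query' } },                    // clean rejection
  { status: 500, body: 'Internal Server Error' },                       // generic 500
  { status: 200, body: { results: [], debug: 'ERROR: syntax error at or near "\'"' } }, // leak under 200
  { status: 500, body: 'SQLSTATE[42000]: Syntax error or access violation' },           // 500 with leak
];
```

In a Cypress spec, loop over `buildProbes('/api/search', ['q', 'sort', 'filter'])`, request each `url` with `failOnStatusCode: false`, and assert `assessProbeResponse(res).ok` inside `.then()`.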
// Related terms
XSS (Cross-Site Scripting)
An attack where attacker-controlled JavaScript executes in another user's browser, often via unescaped input rendered into HTML. Categories include reflected, stored, and DOM-based. Mitigated by output encoding and a strict Content Security Policy.
Fuzzing
Feeding malformed, random, or unexpected inputs to a system to expose crashes, memory issues, and security flaws. Effective at finding bugs that hand-written tests miss because real users would never type such inputs.
Vulnerability Scanning
Automated scanning of code, dependencies, or running systems for known security weaknesses (CVEs, misconfigurations). Cheap, continuous, and noisy — best paired with manual penetration testing for deeper coverage.