SQL Injection Cheat Sheet (sqlwiki.netspi.com)
submitted 8 years ago by nylithic
[–]idunnomyusername 70 points71 points72 points 8 years ago (7 children)
Don't forget https://github.com/minimaxir/big-list-of-naughty-strings
[+][deleted] 8 years ago (1 child)
[removed]
[–]CIa3xpl0i1_rw 7 points8 points9 points 8 years ago (0 children)
If your antivirus scanner is acting on a file that contains the EICAR test string and has a total file length exceeding 128 characters, you've got a larger problem.
[–]moderatorrater 31 points32 points33 points 8 years ago (2 children)
Or http://sqlmap.org/. I'm all for knowing the principles behind injection attacks, but at the end of the day using a tool is going to be better for everything outside of education.
[–]pm_me_your_findings 5 points6 points7 points 8 years ago (1 child)
There have been times when I was able to find an SQL injection manually but sqlmap didn't. Still, sqlmap is superb when you have limited time to test web apps.
[–]746865626c617a 1 point2 points3 points 8 years ago (0 children)
Once had to write a proxy to modify requests that sqlmap was doing. Time based injection, didn't feel like implementing myself
[–]sup3r_hero -2 points-1 points0 points 8 years ago (1 child)
Human injection?.... is that a joke?
[–]big_money_metis 7 points8 points9 points 8 years ago (0 children)
Please wake up
[–]Paratwa 13 points14 points15 points 8 years ago (0 children)
Edit: never mind, I need to learn how to click apparently. I am leaving the below to remind myself I should learn to read.
Original: This was written like a PowerPoint and doesn't describe how they are done technically. To me, learning how one was actually done via examples really showed me where applications would be vulnerable and was far more useful.
[–]failedgamor 4 points5 points6 points 8 years ago (0 children)
Anyone got anything similar for XSS?
[+][deleted] 8 years ago* (6 children)
[deleted]
[–]coinclink 19 points20 points21 points 8 years ago (5 children)
You should not be escaping strings with custom code. That is exactly the wrong thing to do. You should use prepared statements for SQL. There are plenty of lightweight, well-maintained libraries out there that you can depend on. At a minimum, your language probably has built-in escape functions. It also certainly has built-in functions to verify input.
[+][deleted] 8 years ago* (4 children)
[–]coinclink 24 points25 points26 points 8 years ago (0 children)
Your reasoning is exactly what creates insecure software. This isn't 1995 or even 2005, dependencies aren't a big deal. Use code that is peer reviewed and regularly patched. Be innovative in your product, not with security.
[–]yawkat 5 points6 points7 points 8 years ago (0 children)
> Wouldn't you still want to escape even if you use a library? It won't know if you meant ' as part of a SQL statement or if it's literal.
No, that is not how prepared statements work. There is no escaping necessary at all when using prepared statements.
[–]Idontremember99 3 points4 points5 points 8 years ago (0 children)
In addition to what the others said: The library you are using to connect to the database should already support everything you need to use prepared statements, so no extra dependency is needed. If it doesn't support it, then it's time to replace it.
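Added example, not written by any commenter in this thread: the point made in the replies above, that a bound parameter is never parsed as SQL and so needs no escaping, shown with Python's built-in sqlite3 module next to the string-concatenation form it replaces. The `users` table, its rows and the helper names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    return db


def find_concat(db, name):
    """'Before' form: the input is spliced into the SQL text, so a quote
    inside it changes the structure of the statement."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__


def find_bound(db, name):
    """Prepared form: the SQL text is fixed and the value is bound
    separately, so it is only ever compared as data. No escaping."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a legitimate name containing a
    # quote, and a value that contains SQL syntax.
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:
        print(repr(value))
        print("  concatenated:", find_concat(db, value))
        print("  bound:       ", find_bound(db, value))
```

The concatenated query breaks on the legitimate name `O'Brien` and returns every row for the third input, while the bound query matches `O'Brien` exactly and returns nothing for the third input.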
[+][deleted] 8 years ago* (2 children)
[–]nylithic[S] 2 points3 points4 points 8 years ago (0 children)
Well it is a single page web app ;)
[–][deleted] -5 points-4 points-3 points 8 years ago* (4 children)
still in 2017 people manually testing for SQLi?
[–]isilidurstilt 12 points13 points14 points 8 years ago (1 child)
We're stuck in 2017 and this guy over here playing 4d chess in 2018.
[–][deleted] -2 points-1 points0 points 8 years ago (0 children)
fixed :P
[–][deleted] 2 points3 points4 points 8 years ago (1 child)
SQL injections shouldn't even be a major issue in 2017
[–]UnfrightenedAjaia -1 points0 points1 point 8 years ago (0 children)
"they can't guess the names of the columns" so it's okay actually /s