Let's look at some of the most common attacks:
- SQL Injection: The injection of SQL code occurs when data supplied by the user is sent unfiltered to an interpreter as part of a query in order to modify the original behavior, to execute commands or arbitrary queries in the database. The attacker sends raw SQL statements in the request. If your server uses some of the request content to build SQL queries, it might perform the attacker's request on the database. In Python, though, if you use SQLAlchemy and avoid raw SQL statements altogether, you will be safe. If you use raw SQL, make sure every variable is correctly quoted. We can find more information and owasp documentation about this kind of injection at https://www.owasp.org/index.php/SQL_Injection ...