
A Chinese Language Teacher's API Security Check (2): SQL Injection, XSS, Prompt Hijacking - All Prevented

DEV Community·xiaoqiangapi·about 1 month ago

Hello everyone, I'm @xiaoqiangapi, the Chinese teacher who gives APIs a "check-up". In [an earlier article](https://dev.to/xiaoqiangapi3721/a-chinese-language-teachers-api-security-checkup-1-passing-all-three-certification-checkpoints-3d1e), I tested the most basic authentication mechanisms - no Key, wrong Key, empty requests - and the API blocked them all. But authentication is just the first gate. Today we're going to test something even tougher: **Will the API be fooled if someone deliberately inputs malicious code?**

I'm not a security expert. I only use Postman and curl. I test one item at a time, record honestly, and don't exaggerate.

**Test (4): SQL Injection**

Test purpose: To see if the API executes malicious SQL commands when someone tries to "steal the database" through the chat box.

Conclusion: The model recognizes this as a malicious SQL statement, rejects execution and returns a security warning. ✅ Passed — SQL injection attack blocked, database protected.…
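The article checks test (4) from the outside, through the chat box. The example below is added here and is not the author's code or the API's implementation; it assumes a hypothetical lesson lookup behind the chat endpoint (a small SQLite table, constructed inline) and shows the backend property the check-up is really probing: with a bound parameter, SQL-shaped chat text stays data and cannot widen the query, whether or not the model refuses it first.

```python
import sqlite3

# Constructed sample data: a tiny lesson store such as a language-teaching
# API might keep behind its chat endpoint (hypothetical schema, not the project's).
SAMPLE_LESSONS = [
    ("greetings", "public", "ni hao = hello"),
    ("numbers", "public", "yi, er, san = 1, 2, 3"),
    ("admin-notes", "private", "internal grading rubric"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lessons (title TEXT, visibility TEXT, body TEXT)")
    conn.executemany("INSERT INTO lessons VALUES (?, ?, ?)", SAMPLE_LESSONS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, title: str) -> list:
    # Vulnerable form: the chat text is pasted straight into the SQL string,
    # so a quote in the input can rewrite the WHERE clause.
    sql = ("SELECT title, body FROM lessons "
           f"WHERE visibility = 'public' AND title = '{title}'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, title: str) -> list:
    # Hardened form: the same query with a bound parameter; the driver sends
    # the input as a value, never as SQL, so the private row stays hidden.
    sql = ("SELECT title, body FROM lessons "
           "WHERE visibility = 'public' AND title = ?")
    return conn.execute(sql, (title,)).fetchall()


def run_checkup(lookup) -> dict:
    """Re-run the article's test (4) against a lookup function: a benign title
    must return only that public lesson, and SQL-shaped input must not leak
    the private row or return more rows than a real title would."""
    conn = make_db()
    benign = lookup(conn, "greetings")
    hostile = lookup(conn, "x' OR '1'='1")
    return {
        "benign_ok": benign == [("greetings", "ni hao = hello")],
        "private_leaked": any(title == "admin-notes" for title, _ in hostile),
        "hostile_rows": len(hostile),
    }
```

Run `run_checkup(lookup_unsafe)` and `run_checkup(lookup_safe)` side by side: the unsafe lookup returns every row including the private one, while the safe lookup returns nothing for the hostile input.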
