Drew Hengehold Takeaways:

Injecting false data into a database is the quickest way past a system: The Steve Friedl article demonstrates how easy it is to update or insert false information into a database when there is no sanitization. The inserted information can then be used to log in and navigate the website. A single unsanitized input is enough to do this, so ensuring proper sanitization everywhere is essential.

Naming conventions can easily give information away: By giving a column a name as guessable as email, you make injection much easier. It is better to be more specific and clear with your names, making them more elaborate and much harder to guess. The harder it is to guess and check, the less likely a failure in sanitization will be catastrophic.

Databases can be breachable if not properly designed, so have redundant measures to protect data: Even if output is restricted and error messages are hidden, it is still possible to guess and check or to find workarounds. To avoid having valuable data such as credit card numbers or passwords breached, it is important to hash or encrypt this information. Adding triggers or constraints to inhibit traversal of a database, and ensuring that actions like updates only happen in the places they are supposed to, is a good way to reinforce your database.

Overall, the easiest way to prevent an attack is to sanitize the user input.
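As an added illustration of the first and third takeaways (not code from the Friedl article or the original notes), the following uses a constructed in-memory SQLite user table to contrast a lookup that splices user input into the SQL text with a parameterized lookup, and stores only a salted password hash rather than the password. The table, user and input strings are all constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed in-memory database standing in for the site's user table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash BLOB, salt BLOB)")


def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted PBKDF2 hash so a breached table does not expose passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


salt = os.urandom(16)
conn.execute(
    "INSERT INTO users VALUES (?, ?, ?)",
    ("alice@example.com", hash_password("correct horse", salt), salt),
)
conn.commit()


def unsafe_lookup(email: str):
    # Vulnerable: the email string becomes part of the SQL text, so quote
    # characters in it change the meaning of the query.
    query = f"SELECT email FROM users WHERE email = '{email}'"
    return conn.execute(query).fetchone()


def safe_lookup(email: str):
    # Parameterized: the driver passes the email as a bound value, so the
    # database only ever compares it as a string and never parses it as SQL.
    return conn.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchone()


def verify_password(email: str, password: str) -> bool:
    # Recompute the hash with the stored salt and compare in constant time.
    row = conn.execute(
        "SELECT pw_hash, salt FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], hash_password(password, row[1]))


# Constructed input containing a quote and an always-true condition: the
# unsafe lookup returns a real account for it, the safe lookup returns None.
CRAFTED = "x' OR '1'='1"
```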