Big in Japan

It’s not quite a Spinal Tap moment, but here’s a curious translation via Google.

Here’s the text from the original article1:

“Given the types of hacks that made the news in the last 12 months it’s not surprising that SQL Injection is high on the list,” Mike Shema, engineering lead for the Qualys Web application scanning service told “What is surprising is that the countermeasures to SQL injection are well-known, effective, and available in all of the major programming languages used in web apps — for at least half a decade.”

And the output after putting a Japanese version2 of the article through Google translate:

Mr. Mike Shema He has served as an engineering lead in Qualys vulnerability management for Web applications, said in an interview as follows. “Given the type of hacking made headlines during the past 12 months, that’s up to the top of the list of SQL injection is not surprising.’s Surprising is to measure at least 5 years SQL injection is not well known, effective, and it is in a state that can be used in all major programming languages used in Web Applications”

I love the fact that my cynical observation of Advanced Persistent Ignorance was turned on its head to clearly explain three reasons why SQL injection survives to this day:

  • it’s not well known,
  • it’s effective,
  • and (my favorite part) it can be used in all major programming languages.

It sounds so much better that way!



Published by Mike Shema

Mike works with product security and DevSecOps teams to build safer applications. He also writes about information security, with an infusion of references to music (80s), sci-fi (apocalyptic), and horror (spooky) to keep the topics entertaining. He hosts the Application Security Weekly podcast.

%d bloggers like this: