Back in the late 1990s, SQL injection changed the trajectory of application security. Attackers realized they could manipulate backend databases simply by inserting malicious code into user inputs.