Nicole Holden

Principal Application Security Engineer

Nicole Holden is EDB's Principal Application Security Engineer and works on the Information Security Team. She is committed to helping EDB achieve its security goals, especially in areas related to Application and Offensive Security. 

Nicole started her security journey at the Rochester Institute of Technology, where she graduated Magna Cum Laude with a Bachelor's in Computer Security and Software Engineering. From there she dove into the trenches of information security, working as a penetration tester while beginning the process of developing a cutting-edge Application Security Program. In addition to her role at EDB, Nicole is active in the security community, speaking as an Application Security and Offensive Security expert at conferences, writing the occasional security blog post, and mentoring professionals looking to enter the Information Security space and grow their careers.


Postgres Tutorials
In March 2024 CISA issued the following advisory on SQL injection (SQLi): Secure by Design Alert - Eliminating SQL Injection Vulnerabilities in Software. SQL injection is one of the most pervasive and damaging vulnerability classes that database administrators and developers are tasked with defending against. According to CISA, “SQL injection vulnerabilities involve the insertion of user-supplied input directly into a SQL command, allowing threat actors to execute arbitrary queries. SQLi vulnerabilities are caused by software developers’ inattention to security best practices, resulting in the co-mingling of database queries and user-supplied data.” When exploited, attackers can read data they were never authorized to see, modify or delete database contents, and, if the application's database role is privileged enough, execute commands on the underlying server. The consequences of a successful SQL injection attack can be catastrophic: compromised customer information, financial loss, reputational damage and regulatory penalties.
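The "co-mingling" CISA describes is easiest to see in dynamic SQL, and it is just as possible inside the database as in application code. The following PL/pgSQL example is added here to illustrate the point; it is not code from the blog post or from EDB. The table app_user, its two rows, and the function names are constructed for the demonstration. Both functions look up a user by name: the first splices the caller's input into the query text, the second keeps the query text fixed and passes the value separately.

```sql
-- Constructed sample schema and data for the demonstration.
CREATE TABLE app_user (
  id       serial PRIMARY KEY,
  username text NOT NULL,
  email    text NOT NULL
);
INSERT INTO app_user (username, email)
VALUES ('alice', 'alice@example.com'),
       ('bob',   'bob@example.com');

-- VULNERABLE: user-supplied data is concatenated into the SQL text, so the
-- caller controls the query, not just the value being compared.
CREATE OR REPLACE FUNCTION find_user_unsafe(p_name text)
RETURNS SETOF app_user
LANGUAGE plpgsql AS $$
BEGIN
  RETURN QUERY EXECUTE
    'SELECT * FROM app_user WHERE username = ''' || p_name || '''';
END;
$$;

-- SAFE: the query text is a constant; the value is bound through USING and
-- is never parsed as SQL, whatever characters it contains.
CREATE OR REPLACE FUNCTION find_user_safe(p_name text)
RETURNS SETOF app_user
LANGUAGE plpgsql AS $$
BEGIN
  RETURN QUERY EXECUTE
    'SELECT * FROM app_user WHERE username = $1'
    USING p_name;
END;
$$;

-- Benign input: both functions find the same row.
SELECT username FROM find_user_unsafe('alice');
SELECT username FROM find_user_safe('alice');

-- Hostile input. The SQL literal below is the string  x' OR '1'='1
-- In find_user_unsafe the concatenation produces
--   SELECT * FROM app_user WHERE username = 'x' OR '1'='1'
-- so the WHERE clause is now always true. In find_user_safe the same
-- string is compared literally against the username column.
SELECT username FROM find_user_unsafe('x'' OR ''1''=''1');
SELECT username FROM find_user_safe('x'' OR ''1''=''1');
```

Run against PostgreSQL, the benign calls each return alice, the hostile call to find_user_unsafe returns both alice and bob, and the hostile call to find_user_safe returns no rows. Two notes for practitioners: a static statement in PL/pgSQL (`SELECT ... WHERE username = p_name` with no EXECUTE) is already parameterized and does not have this problem, so the risk is concentrated in EXECUTE with string building; and when the dynamic part genuinely must be an identifier (a table or column name) rather than a value, use `format()` with `%I` for identifiers and `%L` for literals rather than `||`, since USING parameters can only carry values.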