Although it is easier to see the benefits of using JSON as an interchange format because it is lightweight, I still believe that XML is more elegant and verbose than JSON. One of the complains for JSON has been the lack of schemas, although there are some ways around that in projects such as Apache Avro https://avro.apache.org/, registry schemas and all that Jazz
Kind of, if you have a centralized place to perform input data validation, as it should, then it is just a matter to test that piece of code same if you are using a framework. However, I don't understand why you refer to a db in the first place? Is it because I used the injection attack as an example? if that's the case bare in mind that Injection target other interprets as well not only a db.
But getting back to my original idea, what I want to highlight the need of adding cases to cover application security.
That's actually, IMHO, a good asset that comes out of a good test and code coverage.
I would be worried if after adding new piece of code or modifying an existing code if there is not a test that tells me that something is broken due my code.
The author does not cover any question related to application security. Things like is this parameter/input value properly sanitized, does this piece is/is not vulnerable to injection attacks, does this piece of code performs authentication/authorization checks? Is RBAC properly implemented for this method?
Interesting article. I live in Costa Rica in the country side in the mountain and we are experiencing the same issue here. Back in the date, there were really big grasshoppers and all kind of colorful bugs. Now they no longer exists. I tried to blame the bad agricultural practices the do a heavy usage of pesticides.