SQL Injection
Description
A SQL injection vulnerability occurs when users can insert - inject - malicious SQL code in a legit SQL query that is built from user-submitted input. A successful SQL injection exploit can read sensitive data from the database, modify database data, execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file from the DBMS file system and in some cases issue commands to the operating system.
Remediation
Primary defenses:
- Use of Prepared Statements (with parameterized queries). This prevention techniques is the most effective one as it will completely shutdown any SQL injection attacks. Keep in mind that prepared statements must be used everywhere, even if no user inputted data is found in the query.
- Use of Stored Procedures.
- Allow-list Input Validation. Usage whitelist is recommended to prevent SQL injection attacks as whitelisting is more effective then black listing.
- Escaping all user supplied input.
Additional defenses:
- Enforcing Least Privilege.
- Performing Allow-list Input Validation as a secondary line of defense.
GraphQL Specific
Apollo
Yoga
Awsappsync
Graphqlgo
Graphqlruby
Hasura
REST Specific
Asp_net
Ruby_on_rails
Next_js
Laravel
Express_js
Django
Symfony
Spring_boot
Flask
Nuxt
Fastapi
Configuration
Identifier:
injection/sql
Options
- skip_objects : List of object that are to be skipped by the security test.
Examples
Ignore this check
checks:
injection/sql:
skip: true
Score
- Escape Severity: HIGH
Compliance
OWASP: API9:2023
pci: 6.5.1
gdpr: Article-32
soc2: CC1
psd2: Article-95
iso27001: A.14.2
nist: SP800-53
fedramp: AC-7
Classification
- CWE: 89
Score
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C
- CVSS_SCORE: 8.7