Today, CISA and the Federal Bureau of Investigation (FBI) released a
  joint Secure by Design Alert, [1]Eliminating SQL Injection
  Vulnerabilities in Software. This Alert was crafted in response to a
  recent, [2]well-publicized exploitation of SQL injection (SQLi) defects
  in a managed file transfer application that impacted thousands of
  organizations. Additionally, the Alert highlights the prevalence of
  this class of vulnerability.

  Despite widespread knowledge and documentation of SQLi vulnerabilities
  over the past two decades, along with the availability of effective
  mitigations, software manufacturers continue to develop products with
  this defect, which puts many customers at risk.

  CISA and the FBI urge senior executives at technology manufacturing
  companies to mount a formal review of their code to determine its
  susceptibility to SQLi. If found vulnerable, senior executives should
  ensure their organizations’ software developers begin immediate
  implementation of mitigations to eliminate this entire class of
  defect from all current and future software products.

  For more information on recommended principles and best practices to
  achieve this goal, visit CISA’s [3]Secure by Design page. To catch up
  on the publications in this series, visit [4]Secure by Design Alerts.

References

  1. https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-sql-injection-vulnerabilities-software
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
  3. https://www.cisa.gov/securebydesign
  4. https://www.cisa.gov/securebydesign/alerts