Security Test: SQL Injection via Frontend

Description

Default Severity:

SQL injection happens when user-controlled input is concatenated into an SQL query string instead of being passed as a bound parameter, allowing an attacker to change the structure of the query and run statements of their own. Depending on the database and the privileges of the application account, this can lead to authentication bypass, unauthorized reads, modification or loss of data, denial of service, or, where the database exposes OS-level functions, compromise of the host. The root cause is treating input as trusted and building queries by string formatting; parameterized queries or prepared statements keep the query text fixed and pass values separately, which is the control that blocks this class of attack. Note that placeholders only bind values: table or column names and ORDER BY clauses still have to be validated against an allow-list.
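The following is an added example, not code from the page or from the scanner, showing the vulnerable pattern next to its parameterized fix. It uses Python's standard sqlite3 module with an in-memory database so it runs offline; the users table, the credentials in it, and the function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Sample rows, constructed for the example (plaintext passwords only to
    # keep the injection visible; never store passwords this way).
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def vulnerable_query_text(username, password):
    """The query string a naive login handler would build from form fields.
    Returned separately so the effect of a payload can be inspected."""
    return (
        "SELECT id FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )


def login_vulnerable(conn, username, password):
    """Vulnerable: input is spliced into the SQL text, so quotes and comment
    markers in the input become part of the query structure."""
    row = conn.execute(vulnerable_query_text(username, password)).fetchone()
    return row is not None


def login_safe(conn, username, password):
    """Fixed: the query text is constant; values travel as bound parameters
    and are never interpreted as SQL, whatever characters they contain."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    # Classic tautology in the password field: ... AND password = '' OR '1'='1'
    payload = "' OR '1'='1"
    print(vulnerable_query_text("nobody", payload))
    print("vulnerable:", login_vulnerable(conn, "nobody", payload))  # True
    print("safe:      ", login_safe(conn, "nobody", payload))        # False
    # Comment-out of the password check: username = 'alice' --' AND ...
    print("vulnerable:", login_vulnerable(conn, "alice' --", "x"))   # True
    print("safe:      ", login_safe(conn, "alice' --", "x"))         # False
```

The `?` placeholder is sqlite3's style; other drivers use `%s` (psycopg, MySQL connectors) or `:name`, but the principle is the same: the driver, not string formatting, is responsible for separating query text from data. The two payloads shown are the kind of probe a scanner sends from the frontend side: if a login or search that should fail starts succeeding, or an error message changes, when a quote or comment sequence is added, the input is reaching the query unparameterized.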

Reference:

Configuration

Identifier: frontend_injection/sql

Examples

All configuration available:

checks:
  frontend_injection/sql:
    skip: false # default

Compliance and Standards

Standard Value
OWASP API Top 10 API9:2023
OWASP LLM Top 10 LLM06:2023
PCI DSS 6.5.1
GDPR Article-32
SOC2 CC1
PSD2 Article-95
ISO 27001 A.14.2
NIST SP800-53
FedRAMP AC-7
CWE 89
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C
CVSS Score 8.7