Security Test: SQL Injection via Frontend¶

Description¶

Default Severity:

SQL injection happens when user input is directly incorporated into an SQL query without proper checks, allowing attackers to manipulate the query and run their own commands. This can lead to unauthorized access, changes to or loss of data, service disruptions, or even full system control. The main pitfall is assuming that user input is safe and not using techniques like parameterized queries or prepared statements, which are essential to block these kinds of attacks.

Reference:

https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

Configuration¶

Identifier: frontend_injection/sql

Examples¶

All configuration available:

checks:
  frontend_injection/sql:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API9:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.5.1`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.14.2`
NIST	`SP800-53`
FedRAMP	`AC-7`
CWE	`89`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C`
CVSS Score	`8.7`