Injection: SQL Injection

Identifier: sql

Scanner(s) Support

| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|

Description
SQL injection occurs when an application builds SQL queries from untrusted user input without proper validation, letting an attacker inject their own commands into the query. The flaw can allow an attacker to read or modify your data, take the database down, or even gain control of the host system. It usually arises when developers interpolate user input directly into query strings instead of using safer methods such as parameterized queries, leaving the query open to malicious manipulation. Neglecting proper input handling can lead to severe data breaches and system compromise, so always validate and sanitize user-supplied data, and use prepared (parameterized) queries for it.
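To make the description concrete, here is an added example (not code from the scanner or its documentation) that puts the flawed pattern next to the fix: one lookup concatenates user input into the SQL string, the other binds it as a parameter. Both run against a constructed in-memory SQLite table, so the difference in what each returns for the same input can be checked directly.

```python
import sqlite3

# Constructed sample rows; not taken from any real system.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]


def setup_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation: the input becomes SQL."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    """Binds the input as a parameter: the driver treats it only as a value."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def compare(name):
    """Run the same input through both lookups and return both result lists."""
    conn = setup_db()
    try:
        return lookup_vulnerable(conn, name), lookup_parameterized(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal value and the textbook tautology a scanner would try.
    for value in ("alice", "' OR '1'='1"):
        vulnerable, safe = compare(value)
        print(repr(value), "->", "vulnerable:", vulnerable, "parameterized:", safe)
```

For the tautology input the concatenated query collapses to `WHERE name = '' OR '1'='1'` and returns every row, while the parameterized query looks for a user literally named `' OR '1'='1` and returns nothing.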
Configuration

Example

Example configuration:

```yaml
---
security_tests:
  sql:
    assets_allowed:
      - REST
      - GRAPHQL
      - WEBAPP
    dedupe_query_params_by_name: true
    skip: false
```
Reference

assets_allowed
Type: List[AssetType]
List of assets that this check will cover.

dedupe_query_params_by_name
Type: boolean
When true, deduplicate fuzzing by parameter name across URLs. The same query param will be fuzzed only once across all URLs.

skip
Type: boolean
Skip the test if true.