Injection: SQL Injection
Identifier: sql_injection_agent
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
SQL injection vulnerabilities occur when applications build SQL queries using untrusted user input without proper validation, allowing attackers to inject malicious SQL commands that can read or modify data, shut down the database, or gain system control.
How we test: We use AI-powered analysis to intelligently craft SQL injection payloads and test injection points. We inject various SQL injection payloads into request parameters and analyze responses to detect if SQL queries are executed. We test for various SQL injection techniques including union-based, error-based, blind, and time-based attacks, and check if user input is properly sanitized before being used in database queries.
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.