SQL injection vulnerabilities continue to plague supply chains, prompting a joint alert from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on developing safer software products.
CISA and the FBI said this week that the new Secure by Design guidance is in direct response to the recent broad exploitation of an SQLi defect in the MoveIT file transfer application.
SQL injection vulnerabilities allow threat actors to inject their own data into SQL commands, allowing them to perform arbitrary queries to access sensitive information inside the database.
“Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers continue to develop products with this defect, which puts many customers at risk,” the joint Secure by Design Alert said. “Vulnerabilities like SQLi have been considered by others an ‘unforgivable’ vulnerability since at least 2007. Despite this finding, SQL vulnerabilities (such as CWE-89) are still a prevalent class of vulnerability.”
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://www.darkreading.com/cyberattacks-data-breaches/cisa-seeks-to-stem-unforgivable-sql-injection-defects
