Documentation - V-255310

V-255310

Microsoft Azure SQL Database Security Technical Implementation Guide

CAT II

Title

Azure SQL Database must check the validity of all data inputs except those specifically identified by the organization.

Description

<VulnDiscussion>Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated application behavior, potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application. With respect to database management systems, one class of threat is known as SQL Injection, or...

Fix Text (Documentation Requirement)

Use parameterized queries, constraints, foreign keys, etc., to validate data input. Modify Azure SQL Database to properly use the correct column data types as required in the database.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel