CUI

Documentation - V-222607

V-222607

Application Security and Development Security Technical Implementation Guide

CAT I

Title

The application must not be vulnerable to SQL Injection.

Description

SQL Injection is a code injection attack against database applications. Malicious SQL statements are inserted into an application data entry field, from which they are submitted to the database and executed. This is a direct result of not validating input that is used by the application to perform a command or execute an action. Successful attacks can read data, write data, execute administrative functions within the database, shut down the DBMS, and in some cases execute OS commands. ...

Fix Text (Documentation Requirement)

Modify the application and remove SQL injection vulnerabilities.
