CISA Seeks to Curtail Unforgivable SQL Injection Defects

Published: 23/11/2024   Category: security



In a joint alert with the FBI, CISA seeks to tamp down the pervasiveness of a well-known class of bugs.



SQL injection vulnerabilities continue to plague supply chains, prompting a joint alert from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on developing safer software products.
CISA and the FBI said this week that the new Secure by Design guidance is a direct response to the recent broad exploitation of an SQLi defect in the MOVEit file transfer application.
SQL injection vulnerabilities arise when attacker-controlled input is spliced into the text of an SQL statement instead of being passed to the database as a value. Because the input is parsed as part of the command, an attacker can change the query's structure and read, modify, or delete data the application never meant to expose, including sensitive information inside the database.
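The following example, added here and not taken from the CISA/FBI alert or from any product mentioned in the article, shows the defect class the alert targets (CWE-89) beside the mitigation the alert recommends: parameterized queries. The table, the three users, their placeholder password hashes and the two payload strings are all constructed for this demonstration and run against an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data (not from the alert): three users with placeholder
# password hashes, so the example runs offline against an in-memory SQLite DB.
SAMPLE_USERS = [
    ("alice", "fakehash-alice", 1),
    ("bob", "fakehash-bob", 0),
    ("carol", "fakehash-carol", 0),
]


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "password_hash TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """CWE-89: the caller's string is spliced into the statement text, so a
    quote character in it ends the literal and the rest is parsed as SQL."""
    stmt = f"SELECT username, is_admin FROM users WHERE username = '{username}'"
    return conn.execute(stmt).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the statement text is fixed at authoring time and
    the input is bound as a value, so it can only be compared against the
    username column, never interpreted as SQL."""
    stmt = "SELECT username, is_admin FROM users WHERE username = ?"
    return conn.execute(stmt, (username,)).fetchall()


# Constructed payloads. The first closes the string literal and appends a
# tautology so the WHERE clause matches every row; the second uses UNION to
# pull a different column (the password hashes) into the result set and
# comments out the trailing quote left over from the original statement.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT password_hash, 1 FROM users --"


if __name__ == "__main__":
    db = setup_db()
    print(lookup_vulnerable(db, "alice"))     # legitimate use: one row
    print(lookup_vulnerable(db, TAUTOLOGY))   # every row is returned
    print(lookup_vulnerable(db, UNION_DUMP))  # password hashes are returned
    print(lookup_safe(db, TAUTOLOGY))         # []  (payload is just a name)
    print(lookup_safe(db, UNION_DUMP))        # []
```

The hardened function is not a filter: it does not inspect or escape the input at all. The fix is structural, in that the database driver receives the statement and the data through separate channels, which is why parameterized queries close the whole class rather than one payload shape. Any code path that still builds SQL text from request data (table names, ORDER BY columns, LIKE patterns assembled by hand) needs the same treatment or a strict allow-list.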
"Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers continue to develop products with this defect, which puts many customers at risk," the joint Secure by Design Alert said. "Vulnerabilities like SQLi have been considered by others an unforgivable vulnerability since at least 2007. Despite this finding, SQL vulnerabilities (such as CWE-89) are still a prevalent class of vulnerability."
