
SBD-ALERT-5: Eliminating SQL Injection Vulnerabilities

Control Description

CISA Secure by Design Alert (March 25, 2024): Technology manufacturers should eliminate SQL injection vulnerabilities (CWE-89) from their products by universally using parameterized queries (prepared statements), adopting ORM frameworks that prevent raw SQL injection, and auditing codebases for existing SQL injection patterns. SQL injection has been a known vulnerability class for over 25 years and should be completely preventable.
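One way to start the codebase audit this control calls for, as an added example that is not part of the CISA alert or this catalogue: a Python AST check that flags database calls whose query text is built at runtime instead of being passed as a constant with bound parameters. The sink method names, the `SAMPLE` source and the helper names `dynamic_sql` and `audit` are assumptions made for illustration.

```python
import ast

# Constructed sample source to audit (not taken from any real project).
SAMPLE = '''
def by_name(cur, name):
    cur.execute("SELECT id FROM users WHERE name = '" + name + "'")

def by_email(cur, email):
    cur.execute(f"SELECT id FROM users WHERE email = '{email}'")

def by_role(cur, role):
    cur.execute("SELECT id FROM users WHERE role = '%s'" % role)

def by_team(cur, team):
    cur.execute("SELECT id FROM users WHERE team = '{}'".format(team))

def by_id(cur, user_id):
    cur.execute("SELECT id FROM users WHERE id = ?", (user_id,))
'''

# DB-API style method names treated as SQL sinks (assumed list, extend per driver/ORM).
SINKS = {"execute", "executemany", "executescript"}

def dynamic_sql(node):
    """Return how the expression builds a string at runtime, or None if it does not."""
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return "concatenation" if isinstance(node.op, ast.Add) else "%-formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return "str.format"
    return None

def audit(source):
    """Return sorted (line, reason) pairs for sink calls with dynamically built SQL."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in SINKS and node.args):
            reason = dynamic_sql(node.args[0])  # first positional arg is the query text
            if reason:
                findings.append((node.lineno, reason))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in audit(SAMPLE):
        print(f"line {line}: query built with {reason}; use bound parameters instead")
```

This is a heuristic first pass: a query assembled into a variable before the call is not flagged, so findings should feed a manual review rather than replace one.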
