SQL Injection
Severity: critical
ID: sql-injection
Attacker injects malicious SQL queries through user input to manipulate database operations
STRIDE categories: Tampering, Information Disclosure
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1059 | Command and Scripting Interpreter | Execution |
Common Weakness Enumeration
Mitigating controls
- ctrl-sql-1: Implement parameterized queries or prepared statements
- ctrl-sql-2: Apply strict input validation and sanitization
- ctrl-sql-3: Use ORM frameworks that automatically escape inputs
- ctrl-sql-4: Implement least-privilege database accounts
- ctrl-sql-5: Enable database activity monitoring and alerting