Comment: CISA and FBI urge software devs to eliminate SQL injection vulnerabilities
March 2024 by Sylvain Cortes, VP Strategy at Hackuity
“CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organisations’ software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping”, reports Bleeping Computer.
Sylvain Cortes, VP Strategy, Hackuity, comments:
“It’s good to see the latest advice from the CISA and FBI urging tech manufacturers to review their software and eliminate SQL injection vulnerabilities before distributing. Prevention at source truly is the best method of defence, before a customer even has their hands on the software.
Attackers can exploit vulnerabilities in applications by “injecting” malicious SQL queries with the intention of extracting or deleting sensitive data from the database. This could lead to catastrophic events for the victims, such as data breaches or even a complete takeover of systems with the aim of holding companies at ransom or selling their data on the dark web for profit.”