The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert about making software secure by eliminating SQL injection (SQLi) vulnerabilities. The alert responds to a recent major incident involving SQL injection that affected thousands of organizations, and it emphasizes how common this type of security flaw is.
Even though SQLi flaws are well-known and preventable, developers still create software with these vulnerabilities, endangering numerous users.
CISA and the FBI advise leaders of tech manufacturing companies to check their code for SQL injection risks. If vulnerabilities are found, executives must make sure their software teams fix them in all present and future software.
For guidelines and best practices, visit the CISA Secure by Design page. To see previous publications, check Secure by Design Alerts.