The US cybersecurity agency CISA and the FBI published an alert on Monday calling for organizations to eliminate SQL injection (SQLi) vulnerabilities in their software products. These flaws remain a class of security defects in commercial software, despite consistent documentation and the availability of effective mitigations.
Products vulnerable to SQLi put many customers at risk. CISA and the FBI called for technology manufacturers to conduct a formal review of their code to determine its susceptibility to such compromises. Organizations should start implementing mitigations if these bugs are discovered. A secure-by-design approach to software development can eliminate these vulnerabilities and protect products from malicious exploitation.