Request for Proof of Data Input Validity and Assurance Against SQL Injection
STIG mandates that our DBMS code should be designed to prevent SQL injection. While STIG acknowledges the challenges posed by external application vendors, it emphasizes that we must, at a minimum, obtain assurances from your development organization that this issue has been addressed. Additionally, we are required to document our findings.
In this context, we kindly request that you provide:
Proof of data input validity mechanisms implemented within your application.
Assurance that your application has measures in place to protect against SQL injection attacks.
Furthermore, we are considering the implementation of an F5 Web Application Firewall (WAF) to provide additional protection against various web attacks. Any insights or recommendations you can provide regarding this approach would be highly appreciated.
We look forward to your prompt response and appreciate your cooperation in helping us meet our security requirements.
Best Regards,
Mohashin Mostafa
Leidos / Systems Engineer Integration & Configuration
mostafam@leidos.com
929-253-8007
Hello Ann, thanks for your reply. I did go through that post, but it doesn't really clarify data input validity and assurance against SQL injection. Is there any other article or documentation you can point me to that can answer my request? Thank you!
Hello Alexandre, would you be able to help me with this request I have for SonarQube?
We are currently enhancing the security posture of our application environment to comply with state regulations and the requirements set forth by STIG (Security Technical Implementation Guide). A key focus of this environment is to ensure the protection of our database management systems (DBMS) against SQL injection attacks.
STIG mandates that our DBMS code should be designed to prevent SQL injection. While STIG acknowledges the challenges posed by external application vendors, it emphasizes that we must, at a minimum, obtain assurances from your development organization that this issue has been addressed. Additionally, we are required to document our findings.
In this context, we kindly request the following from your team:
Proof of data input validity mechanisms implemented within your application.
Assurance that your application has measures in place to protect against SQL injection attacks.
Furthermore, we are considering the implementation of an F5 Web Application Firewall (WAF) to provide additional protection against various web attacks. Any insights or recommendations you can provide regarding this approach would be highly appreciated.
We look forward to your prompt response and appreciate your cooperation in helping us meet our security requirements.
Best Regards,
Mohashin Mostafa
Leidos / Systems Engineer Integration & Configuration
mostafam@leidos.com
929-253-8007
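As an added illustration of the two mechanisms the request above asks a vendor to evidence (input validation and protection against SQL injection), here is a small Python/SQLite example. It is not code from SonarQube, Leidos, or the original poster; the `users` table, its sample rows, and the allowlist username policy are constructed assumptions. The concatenated query is kept only as the "before" form so the difference from the parameterised "after" form is visible.

```python
import re
import sqlite3

# Constructed sample database: an in-memory SQLite table with three users.
def build_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "analyst"), ("carol", "auditor")],
    )
    conn.commit()
    return conn

# Input-validation layer. The policy is an assumption for this example:
# usernames are 3-32 characters drawn from letters, digits, dot, underscore, hyphen.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{3,32}$")

def validate_username(value: str) -> str:
    """Return the value unchanged if it matches the allowlist; otherwise raise ValueError."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("username rejected by input validation")
    return value

def is_rejected(value: str) -> bool:
    """Convenience wrapper: True when the validation layer refuses the value."""
    try:
        validate_username(value)
    except ValueError:
        return True
    return False

# "Before" form: user input is spliced into the SQL text, so quote characters
# in the input change the meaning of the statement.
def lookup_role_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    query = f"SELECT role FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]

# "After" form, step 1: a parameterised query. The driver hands the value to
# the DBMS as a bound parameter, so it can only ever be compared as data.
def lookup_role_parameterised(conn: sqlite3.Connection, username: str) -> list:
    rows = conn.execute("SELECT role FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]

# "After" form, step 2: validation in front of the parameterised query, which is
# the defence-in-depth arrangement the request asks the vendor to document.
def lookup_role_safe(conn: sqlite3.Connection, username: str) -> list:
    return lookup_role_parameterised(conn, validate_username(username))

def demo() -> dict:
    """Run both forms against a well-formed and a crafted input and return the results."""
    conn = build_sample_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL metacharacters
    return {
        "safe_alice": lookup_role_safe(conn, "alice"),
        "vulnerable_crafted": lookup_role_vulnerable(conn, crafted),
        "parameterised_crafted": lookup_role_parameterised(conn, crafted),
        "crafted_rejected": is_rejected(crafted),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the concatenated form returning every role for the crafted input, while the parameterised form returns no rows for the same string and the validation layer refuses it before any query is issued. Evidence that the application's data-access code follows the second pattern (bound parameters throughout, with validation at the input boundary) is the kind of assurance the request above asks the vendor to provide.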