Enhancing the security posture of our application environment to comply with STIG

Hello Alexandre, would you be able to help me with this request I have for SonarQube?

We are currently enhancing the security posture of our application environment to comply with state regulations and the requirements set forth by STIG (Security Technical Implementation Guide). A key focus of this effort is to ensure the protection of our database management systems (DBMS) against SQL injection attacks.

STIG mandates that our DBMS code should be designed to prevent SQL injection. While STIG acknowledges the challenges posed by external application vendors, it emphasizes that we must, at a minimum, obtain assurances from your development organization that this issue has been addressed. Additionally, we are required to document our findings.

In this context, we kindly request the following from your team:

  1. Proof of the data input validity mechanisms implemented within your application.

  2. Assurance that your application has measures in place to protect against SQL injection attacks.

Furthermore, we are considering the implementation of an F5 Web Application Firewall (WAF) to provide additional protection against various web attacks. Any insights or recommendations you can provide regarding this approach would be highly appreciated.

We look forward to your prompt response and appreciate your cooperation in helping us meet our security requirements.

Best Regards,

Mohashin Mostafa
Leidos / Systems Engineer Integration & Configuration
mostafam@leidos.com
929-253-8007