REQ.169 Use parameterized sentences

This document details the security requirements for defining and managing source code in the organization. This requirement establishes the importance of using parameterized statements to avoid injection attacks such as SQL injection (SQLi).

Requirement

The system must use parameterized statements or parameterized stored procedures to build dynamic statements (e.g., java.sql.PreparedStatement).
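The difference between concatenating input into a statement and binding it as a parameter, shown as an added example that is not part of the original requirement or the organization's code. It uses Python's sqlite3 module so that it runs offline, rather than the java.sql.PreparedStatement API named above; the accounts table, its rows and the function names are constructed for illustration, and the allowlisted ORDER BY goes slightly beyond the requirement text to cover identifiers, which cannot be bound as parameters.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 75), ("o'brien", 40)],
    )
    return conn

def lookup_concatenated(conn, owner):
    """Non-compliant: input becomes part of the SQL text and can change its structure."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, owner):
    """Compliant: the SQL text is fixed; the driver binds owner strictly as a value."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()

def lookup_sorted(conn, pattern, sort_column):
    """Column names cannot be bound, so a dynamic identifier comes from an allowlist."""
    allowed = {"owner": "owner", "balance": "balance"}
    if sort_column not in allowed:
        raise ValueError("unsupported sort column")
    sql = (
        "SELECT owner, balance FROM accounts WHERE owner LIKE ? "
        "ORDER BY " + allowed[sort_column]
    )
    return conn.execute(sql, (pattern,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    crafted = "alice' OR '1'='1"  # constructed input containing quote characters
    print("concatenated :", len(lookup_concatenated(conn, crafted)), "rows")
    print("parameterized:", len(lookup_parameterized(conn, crafted)), "rows")
    # A legitimate name with an apostrophe also works only when bound.
    print("o'brien      :", lookup_parameterized(conn, "o'brien"))
```
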

References

  1. OWASP-ASVS v3.1-5.10 Verify that all database queries are protected by the use of parameterized queries or proper ORM usage to avoid SQL injection.

