Low Code, High Stakes: Addressing SQL Injection
SQL injection (SQLi) attacks have been a persistent threat to web applications since the late 1990s, fueled by human error, immature code, and the use of open-source code. This has prompted agencies like CISA and the FBI to issue warnings and recommend a Secure by Design approach to mitigate vulnerabilities.
A new wave of SQLi attacks is targeting low-code and no-code (LCNC) platforms, which are expected to account for 70% of apps by 2025. These platforms are often used by citizen developers who lack the technical knowledge to understand and address the risks. Despite their benefits in terms of productivity and innovation, LCNC platforms and robotic process automation (RPA) tools represent a growing attack surface.
Many popular business software products and development tools support LCNC, and the lack of professional developer involvement in building these apps increases the risk of SQLi attacks. Hackers can exploit any external data source processed by an LCNC application or RPA, such as emails or social media posts, by hiding SQLi payloads within these inputs. This can lead to data breaches, data manipulation, and even the creation of fake accounts.
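The mechanism described above, as an added illustration that is not part of the original article or of any LCNC product: an RPA-style automation reads message subjects from a constructed inbox and looks up matching tickets in a SQLite database. The unsafe lookup concatenates the untrusted subject into the query text, so a crafted subject line changes the query's logic and returns every ticket; the hardened lookup binds the subject as a parameter, so the same input matches nothing. The table, the messages and the function names are assumptions made for the example.

```python
import sqlite3

# Constructed sample inbox: one ordinary message and one whose subject line
# carries a constructed SQL injection payload.
SAMPLE_MESSAGES = [
    {"from": "alice@example.com", "subject": "Printer offline"},
    {"from": "mallory@example.com", "subject": "x' OR '1'='1"},
]


def make_db():
    """Create an in-memory ticket table with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tickets (id INTEGER PRIMARY KEY, subject TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO tickets (subject, owner) VALUES (?, ?)",
        [
            ("Printer offline", "alice@example.com"),
            ("VPN access request", "bob@example.com"),
            ("Payroll export", "finance@example.com"),
        ],
    )
    conn.commit()
    return conn


def find_tickets_unsafe(conn, subject):
    """Vulnerable pattern: the untrusted subject becomes part of the SQL text,
    so quote characters in the data are interpreted as query syntax."""
    sql = "SELECT id, subject FROM tickets WHERE subject = '" + subject + "'"
    return conn.execute(sql).fetchall()


def find_tickets_safe(conn, subject):
    """Hardened pattern: parameter binding keeps the data out of the SQL text;
    the driver passes it as a value, never as syntax."""
    return conn.execute(
        "SELECT id, subject FROM tickets WHERE subject = ?", (subject,)
    ).fetchall()


def process_inbox(conn, messages, lookup):
    """Run the automation over every message with the given lookup function
    and return {sender: matching rows}."""
    return {msg["from"]: lookup(conn, msg["subject"]) for msg in messages}


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("unsafe", find_tickets_unsafe), ("safe", find_tickets_safe)):
        for sender, rows in process_inbox(db, SAMPLE_MESSAGES, fn).items():
            print(f"{name:6} {sender:22} -> {len(rows)} ticket(s)")
```

Running the script shows the unsafe lookup returning all three tickets for the crafted subject while the safe lookup returns none; the only difference between the two functions is where the subject enters the query, which is the control a defender should look for when reviewing LCNC connectors that build SQL from inbound content.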
News source
https://www.helpnetsecurity.com/2024/06/17/sqli-attacks/