Josh Grossman
@ImanSharaf any further thoughts?
@elarlang correctly noted that #1201 is related to this
Hi @christian-muertz, did you get anywhere with this?
This is sort of related: https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/
I think this issue has raised an interesting point which is that this requirement jumps directly to implementation suggestions (ORM, parameterization, etc) rather than focusing on security goals. @ajayojha do...
What do you think about: "_Verify that the application protects data selection or database queries (e.g., SQL, HQL, NoSQL, Cypher) against injection attacks by treating potentially untrusted content as data,...
I would request that everyone keeps comments respectful and on-topic. My understanding is that the most recent proposal was: "_Verify that the application protects data selection or database queries (e.g.,...
"_Verify that the application protects data selection or database queries (e.g., SQL, HQL, NoSQL, Cypher) against injection attacks by ensuring that untrusted input is treated strictly as data, not as...
So what do we think about: "_Verify that the application protects data selection or database queries (e.g., SQL, HQL, NoSQL, Cypher) against injection attacks by ensuring that untrusted input is...
Wherever possible, our intention was to use [rfc2119](https://datatracker.ietf.org/doc/html/rfc2119) wording. I think you raise an interesting point in that maybe wherever we are using words like ideally or preferred, we should try...