3.8 Injection

Injection flaws occur when an application sends untrusted data to an interpreter. Injection flaws are very prevalent, particularly in legacy code. They are often found in SQL, LDAP, XPath, or NoSQL queries; OS commands; XML parsers; SMTP headers; program arguments; etc. Injection flaws are easy to discover when examining code.

Oracle Banking Trade Finance Process Management uses an Oracle database and has built-in techniques to prevent SQL injection, as outlined below:

  1. Use of parameterized queries: Oracle Banking Trade Finance Process Management uses queries with bind variables to construct and execute SQL statements in Java, so user-supplied values are passed to the database as data rather than spliced into the SQL text.

Evidence

// JPQL with a numbered positional bind parameter (?1); the value is never concatenated into the query string
query = entityManager.createQuery("select obj from Country obj where obj.countryId = ?1");
query.setParameter(1, countryId); // bound as data, so it cannot change the structure of the statement
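The following is an added example, not code from Oracle Banking Trade Finance Process Management. It illustrates the point made by the evidence above (the SQL text stays constant and the value is bound separately) using Python's built-in sqlite3 module as an offline stand-in for the Oracle/JPA stack, with a constructed Country table. The same lookup is run two ways on an ordinary value and on a value that contains a quote character, which is enough to break the concatenated form while the bind-variable form still returns the correct row.

```python
import sqlite3

# Constructed sample rows standing in for a Country table; not the project's schema.
SAMPLE_COUNTRIES = [
    ("CIV", "Cote d'Ivoire"),
    ("IND", "India"),
    ("USA", "United States"),
]


def open_sample_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE country (country_id TEXT PRIMARY KEY, name TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO country VALUES (?, ?)", SAMPLE_COUNTRIES)
    return conn


def find_by_name_concatenated(conn, name):
    """Vulnerable pattern: the caller's value is spliced into the SQL text.

    Any quote character in the value becomes part of the statement, so the
    database parses a different query than the developer intended.
    """
    sql = "SELECT country_id, name FROM country WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_bound(conn, name):
    """Bind-variable pattern: the SQL text is fixed, the value travels separately.

    This is the same idea as the JPA positional parameter in the evidence above;
    the driver never re-parses the value as SQL.
    """
    sql = "SELECT country_id, name FROM country WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both forms on the same input and report what each one did."""
    conn = open_sample_db()
    try:
        try:
            concat_result = find_by_name_concatenated(conn, name)
            concat_error = None
        except sqlite3.Error as exc:
            # The concatenated statement is no longer valid SQL once the value
            # contains a quote; the database rejects it.
            concat_result = None
            concat_error = type(exc).__name__
        bound_result = find_by_name_bound(conn, name)
    finally:
        conn.close()
    return {
        "concatenated": concat_result,
        "concatenated_error": concat_error,
        "bound": bound_result,
    }


if __name__ == "__main__":
    for sample in ("India", "Cote d'Ivoire"):
        print(sample, "->", compare(sample))
```

The first input behaves identically under both forms, which is why concatenation survives functional testing; only the second input, a legitimate name containing an apostrophe, exposes the difference. The bound form returns the row in both cases because the statement the database compiles is always the same.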