This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Top 10 OWASP security design - non SQL

Posted on 03-02-2024 06:06 PM
aramkrishna6
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi,

Per top 10 OWASP with SQL injection OWASP top 10 Web Application threats  |  Apigee Edge  |  Apigee Docs  will not be applicable or not required to backend, which don't have the SQL d.b but does this apply with Cloud Spanner or non SQL backends ?

@dino  @cjking 

3 1 204
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
nmarkevich
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Hi @aramkrishna6,

Cloud Spanner does indeed use SQL syntax, which means it can be vulnerable to SQL injection attacks if not properly secured. While the risks may differ from traditional SQL databases, the core principle remains: any system that processes dynamic queries or user input is at risk of injection attacks if inputs aren't validated or sanitized.

So, even with non-SQL backends or databases like Cloud Spanner, it's important to follow secure coding practices to avoid injection vulnerabilities.

Let me know if you need further details!


Best,
Nikita

Top Solution Authors
View all