MixMawaew.github.io

Requirement ID: V5.3.4
Requirement Name: Verify that data selection or database queries (e.g. SQL, HQL, ORM, NoSQL) use parameterized queries, ORMs, entity frameworks, or are otherwise protected from database injection attacks.

OTG #1: Testing for SQL Injection (OTG-INPVAL-005) - An SQL injection attack consists of the insertion or “injection” of either a partial or complete SQL query via data input or data transmitted from the client (browser) to the web application.
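A check for V5.3.4 against a single lookup function, added here as an example and not taken from the ASVS or the OWASP Testing Guide: it runs the same constructed inputs through a string-concatenated query and a parameterized one and reports where input was interpreted as SQL. The table, the function names and the probe strings are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")])
    return db

def find_concatenated(db, name):
    # Non-compliant: the input becomes part of the SQL text itself.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, name):
    # Compliant with V5.3.4: the input is bound as a value, never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Constructed probes: a plain value, a legitimate value containing a quote,
# and a value that changes the WHERE clause if it reaches the SQL parser.
PROBES = ["alice", "O'Brien", "nobody' OR '1'='1"]

def check(lookup):
    """Return (probe, finding) pairs; an empty list means input stayed data."""
    db = make_db()
    findings = []
    for probe in PROBES:
        # Ground truth computed in Python: rows whose name equals the probe.
        expected = [r[0] for r in db.execute("SELECT name FROM users") if r[0] == probe]
        try:
            got = lookup(db, probe)
        except sqlite3.Error as exc:
            findings.append((probe, "SQL error: " + type(exc).__name__))
            continue
        if sorted(got) != sorted(expected):
            findings.append((probe, "returned %d rows, expected %d"
                             % (len(got), len(expected))))
    return findings

if __name__ == "__main__":
    for fn in (find_concatenated, find_parameterized):
        print(fn.__name__, check(fn) or "no findings")
```

The quote-bearing name is the more useful probe in practice: a lookup that errors on legitimate data such as `O'Brien` is building SQL from input, even before any crafted value is tried.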

OTG #2: Testing for NoSQL injection - NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits.