---
title: Authentication not detected on route with SQL injection vulnerability
description: Datadog, the leading service for cloud-scale monitoring.
---

# Authentication not detected on route with SQL injection vulnerability
 
## Description{% #description %}

No authentication was detected for an API that performs [SQL queries using user-controlled parameters](https://app.datadoghq.com/security/appsec/vm/code?query=status%3A%28Open%20OR%20%22In%20progress%22%29%20type%3A%22SQL%20Injection%22&column=score&detection=runtime&order=desc).

A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data from the client to the application.

If the API does not sanitize parameters correctly, attackers might interact with the database and steal information.

## Rationale{% #rationale %}

This finding identifies an API for which Datadog detected no authentication mechanism and whose code contains vulnerabilities that permit full or partial control of database query parameters.

## Remediation{% #remediation %}

- Use SQL prepared statements.
- Avoid generating SQL queries from user parameters without sanitization.
- Implement authentication to prevent unintended users from interacting with the database.
- To improve authentication detection, you can configure custom authentication detection via the [Endpoint Tagging Rules](https://app.datadoghq.com/security/configuration/asm/trace-tagging) settings.
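
The first and third remediation items, shown side by side as an added example (not Datadog's code or part of the original rule text). The `orders` table, the handler names, and the shared-token check are hypothetical stand-ins for a real route and its authentication layer, and the data is constructed.

```python
import hmac
import sqlite3

# Constructed sample credential; a real service would use its own auth layer.
API_TOKEN = "constructed-demo-token"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "phone"), ("carol", "desk")],
    )
    return db


def orders_before(db, customer):
    """'Before' form: no authentication, input concatenated into the SQL text."""
    query = "SELECT customer, item FROM orders WHERE customer = '" + customer + "'"
    return db.execute(query).fetchall()


def orders_after(db, customer, token):
    """Remediated form: authenticated caller, input passed as a bound parameter."""
    # Reject the request before any query runs; compare in constant time.
    if not (isinstance(token, str)
            and hmac.compare_digest(token.encode(), API_TOKEN.encode())):
        raise PermissionError("authentication required")
    # The ? placeholder keeps the value separate from the statement, so it is
    # always compared as data and never parsed as SQL.
    return db.execute(
        "SELECT customer, item FROM orders WHERE customer = ?", (customer,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    print("before:", orders_before(db, crafted))              # every row
    print("after: ", orders_after(db, crafted, API_TOKEN))    # no rows
```

With the bound parameter, the crafted value matches no customer name, and a request without a valid token never reaches the database.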
