We are currently developing an application which utilises the OOTB Direct Web Access functionality. From a security perspective, I understand that a once-only identifier is generated and this is authenticated, and also that the external assignment must be a static page. However, is there any online documentation providing information regarding built-in security validation of the form to avoid SQL injection attacks or other similar malicious activities?
I hope you have found some of the articles related to DWA on PDN. But with regard to security validation of the form to avoid SQL injection attacks or other similar malicious activities, we will look into this and come back.
The features that provide protection for your application against SQLi attacks protect DWA as well. There is nothing special about DWA that makes it more vulnerable to SQLi attacks than non-DWA browser users.