Total Tests:

SQL Injection Errors No Longer the Top Software Security Issue

By Jai Vijayan for Dark Reading
Wednesday, November 27, 2019

SQL injection errors are no longer considered the most severe or prevalent software security issue.

According to Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, the new list and risk-ranking approaches make a lot of sense overall. However, some of the entries in the list are likely to cause some controversy, Kolochenko says.

Cross-site scripting errors, for example, while common are not particularly easy to exploit. "Successful exploitation of an XSS, unless it's a stored one, always requires at least a modicum of social engineering and interaction with a victim," he says.

One could potentially make similar comments about all other entries, arguing about the prevalence of the vulnerabilities in business-critical systems, ease of detection and exploitation, costs of prevention, and remediation time. "We will unlikely have a unanimous opinion on all of them," Kolochenko says. "This is why it's good to have different classifications and ratings that, once consolidated, provide a comprehensive overview of the modern-day vulnerability landscape." Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential