SQL Injection Errors No Longer the Top Software Security Issue
Wednesday, November 27, 2019
SQL injection errors are no longer considered the most severe or prevalent software security issue.
According to Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, the new list and risk-ranking approaches make a lot of sense overall. However, some of the entries in the list are likely to cause some controversy, Kolochenko says.
Cross-site scripting errors, for example, while common are not particularly easy to exploit. "Successful exploitation of an XSS, unless it's a stored one, always requires at least a modicum of social engineering and interaction with a victim," he says.
One could potentially make similar comments about all other entries, arguing about the prevalence of the vulnerabilities in business-critical systems, ease of detection and exploitation, costs of prevention, and remediation time. "We will unlikely have a unanimous opinion on all of them," Kolochenko says. "This is why it's good to have different classifications and ratings that, once consolidated, provide a comprehensive overview of the modern-day vulnerability landscape." Read Full Article
Computer Business Review: Experts Expect “Aggressive Exploitation” of Two Apache Solr Vulnerabilities
SC Media: Chinese national charged in US for stealing proprietary software