I don’t always find SQL injection vulnerabilities in the web applications I test but I have been seeing it more and more recently. I can’t figure out why… When I do uncover this grandest of all vulnerabilities, it’s usually pretty ugly as it was with this recent finding:
Look for this flaw. Use good tools such as Acunetix Web Vulnerability Scanner both without and with user authentication…across all your applications. It’s the last vulnerability you can afford to have in your environment.