• SQL injection is lurking…Are you looking for it?

    30 Aug 2019

    I don’t always find SQL injection vulnerabilities in the web applications I test, but I have been seeing them more and more recently. I can’t figure out why… When I do uncover this grandest of all vulnerabilities, it’s usually pretty ugly, as it was with this recent finding:

    Using Acunetix Web Vulnerability Scanner to uncover SQL injection across various web pages and parameters

    Look for this flaw. Use good tools such as Acunetix Web Vulnerability Scanner both without and with user authentication…across all your applications. It’s the last vulnerability you can afford to have in your environment.