SQL injection vulnerabilities reach three year high

A new report by DB Networks reveals a major uptick in SQL injection vulnerabilities in publicly launched software packages in 2014, reaching their highest levels in three years.

Analysing the National Vulnerability Database figures, the report added that 2014 witnessed the most SQL vulnerabilities detected since 2011, with 104% more than vulnerabilities detected than in 2013.

DB Networks CTO Dave Rosenberg said: "Despite the best efforts of project managers, software development nearly always runs headlong into time and cost constraints."

"When the clock is ticking, it seems security testing is among the first tasks to be shunted aside."

The report seeks identification of SQL injection vulnerabilities are identified and patched in software packages before the vulnerability gets exploited by hackers.

The impact of SQL injection vulnerability in popular software package could be massive, with a flaw detected in the Drupal content management software affecting over a million web sites last October.

Another study by the Ponemon Institute noted that several businesses were not on pace to deal with the latest cyber threats, with several of them still unaware that their Web Application Firewalls could be defeated easily.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing