SQL injection, XSS vulnerabilities continue to affect companies

Written by ga_dahmani

Credit: Dreamtime

Despite years topping vulnerability charts, SQL injection and cross-site scripting (XSS) bugs remain the bane of security teams, according to a new report from a penetration-testing-as-a-service company.

Based on 8,000 security tests conducted in 2021, the BreachLock report organizes its findings by risk. Critical risk findings pose a major threat to a company’s data. Elevated risks could have a catastrophic effect on an organization’s operations, assets, or people. Medium risks could have an adverse impact on operations, assets or people.

More than a third of critical risks found in web applications (35 percent) can be attributed to data injection or exposure, which the report says is a cause for concern given that the number of Internet-hosted applications keeps growing as organizations digitize.

“Even though SQL injection was such a common vulnerability for years, I’m surprised to see that it’s still as common as it was in 2014, 2015,” said BreachLock VP of Products Prateek Bhajanka. “Over 27 percent of our findings are SQL injection findings.”
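The SQL injection class the report counts most often comes down to one pattern: untrusted input spliced into the SQL text. The following added example (not from the report or the article) puts the vulnerable form beside the parameterized form, using Python's standard-library sqlite3 module and a constructed in-memory table, so the difference in behaviour on the same input can be observed directly.

```python
import sqlite3


def make_db():
    """Build a small in-memory table (constructed sample data, not from the report)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_concatenated(conn, username):
    """Vulnerable pattern: the caller's string becomes part of the SQL grammar."""
    sql = (
        "SELECT email FROM users WHERE username = '"
        + username
        + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Hardened pattern: the driver binds the value; it is never parsed as SQL."""
    sql = "SELECT email FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run both lookups on a normal value and on a constructed tautology input."""
    conn = make_db()
    tautology = "nobody' OR '1'='1"  # constructed input: closes the quote, adds OR
    return {
        "concat_normal": lookup_concatenated(conn, "alice"),
        "concat_attack": lookup_concatenated(conn, tautology),
        "param_normal": lookup_parameterized(conn, "alice"),
        "param_attack": lookup_parameterized(conn, tautology),  # no such user
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The concatenated version returns every row for the tautology input because the quote character in the value ends the literal and the rest is interpreted as SQL; the parameterized version treats the whole string as one opaque username and returns nothing. The fix is the same whatever the database driver: keep the query text constant and pass values through the driver's placeholder mechanism.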

Adoption of DevSecOps improving application security

Even more alarming, according to the report, is that more than 50 percent of high-risk findings in web applications could be linked to cross-site scripting errors. The report explains that developers often take the “deny list” approach to data validation rather than the “allow list” approach, which leaves unanticipated input free to exploit cross-site scripting vulnerabilities.
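The deny-list versus allow-list distinction the report draws is easy to see in code. The following added example (written for this page, not taken from the report) contrasts a deny-list filter that strips a fixed set of known-bad patterns with an allow-list validator that accepts only the character set a field is supposed to contain, and pairs both with HTML output encoding; the deny-list regexes, the username rule and the sample inputs are all constructed for the illustration.

```python
import html
import re

# Deny-list approach: remove patterns someone once thought of. Anything not on
# the list passes through untouched, which is exactly the weakness the report
# describes. The two patterns here are a constructed, deliberately incomplete list.
DENY_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"<script.*?>.*?</script>", r"javascript:")
]


def deny_list_filter(value):
    """Strip known-bad fragments; unknown vectors are left in place."""
    for pattern in DENY_PATTERNS:
        value = pattern.sub("", value)
    return value


# Allow-list approach: state what the field may contain and reject the rest.
# A username, for example, has no legitimate need for angle brackets or quotes.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def allow_list_username(value):
    """Accept only usernames made of the permitted characters; reject all else."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("username contains characters outside the allowed set")
    return value


def render_greeting(value):
    """Free text cannot be allow-listed as tightly, so encode it at output time."""
    return "<p>Hello, " + html.escape(value, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed inputs: one the deny list knows about, one it does not.
    known = "<script>alert(1)</script>hi"
    unknown = "<img src=x onerror=alert(1)>"
    print("deny-list, known vector:  ", deny_list_filter(known))
    print("deny-list, unknown vector:", deny_list_filter(unknown))
    try:
        allow_list_username(unknown)
    except ValueError as exc:
        print("allow-list rejects:", exc)
    print("encoded at output:", render_greeting(unknown))
```

The deny-list filter handles the input it was written for and passes the other one through unchanged; the allow-list validator rejects anything that does not look like a username without needing to know any attack syntax, and output encoding makes the remaining free-text case inert in the HTML context. In a real application the allow-list rules live at the input boundary and the encoding at the rendering boundary, and the two are complementary rather than alternatives.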

However, critical and high findings for web applications account for only five percent of all category findings. These data insights reaffirm that web application security, especially with the adoption of DevSecOps, is resulting in improved application security, the report states.

When analyzing organizations’ infrastructure, BreachLock found a higher percentage of critical and high vulnerabilities in their internal infrastructure (over 15 percent) compared to their external infrastructure (over 9 percent). This indicates, the report noted, that organizations impose greater rigor in the management of external vulnerabilities than internal ones.
