SQL Injection techniques continue to lead the top exploited vulnerabilities list, impacting 46% of organizations around the world.
PHP web attacks nearly doubled when compared to the 10 weeks to 31st December 2018, and were the most common attack type seen, with 52,920, followed by SQL injection attempts and XSS (cross site scripting) attempts.
Furthermore, SQL injection is categorized by the Open Web Application Security Project (OWASP) in 2010, 2013 and 2017 as one among the top ten threats and vulnerabilities in web applications that targeted backend databases.
The reason could be justifiably agreed to because attackers now target the underlying sensitive documents and information databases in case of SQL injection attacks.
When we looked at the prevalence of major vulnerability categories like SQL injection in initial application scans, we see a similar consistency over time.
"Crypters, typically used to obfuscate malware, as well as SQL injection tools, keyloggers, and basic malware builders, are given away--a reflection of the culture within the regions' underground scene," Hassan stated.
Among the types of attacks simulated are SQL Injection, cross-site scripting, and software exploitation and the platform also tests applicants' ability to conduct vulnerability checks, source code audits and analysis of network packets.