Submitted via IRC for soycow1984
They may not grab the most headlines, but injection attacks are the most common threats targeting organizational networks, according to IBM MSS data.
The facts are clear. According to IBM X-Force analysis of IBM Managed Security Services (MSS) data, injection attacks are the most frequently employed mechanism of attack against organizational networks. In fact, for the period assessed (January 2016 through June 2017), injection attacks made up nearly half — 47 percent — of all attacks. The most common types were operating system command injection (OS CMDi) and SQL injection (SQLi). Injection attacks versus all attacks. Figure 1: Injection attacks versus all attacks (Source: IBM Managed Security Services data).
Attackers take advantage of injection vulnerabilities in operating systems and applications to penetrate critical web servers and access back-end databases. From using malicious webshells to planting cryptocurrency mining tools or malicious PHP scripts, there are many ways in which cybercriminals can use injection attacks to reach their end goal.
(Score: 0) by Anonymous Coward on Wednesday November 08 2017, @07:09PM
Because of lazy and because a bunch of folks have no fucking clue about what they are or should be doing.
After all, there's time allocated in the schedule to fix this quick hack where I concatenate the user's input and then send it straight to the database using an sa/postgres/root/super user, right? Right? I mean, we release software when it's 'done'; not when the schedule says to release it...