SANS is out this week with its annual Top 25 Most Dangerous Software Errors report for 2011. According to a number of security industry professionals, it’s a list that doesn’t necessarily highlight new trends, but rather shows that old problems continue to persist.
At the top of the list for 2011 is SQL Injection, which should come as no surprise to anyone who has followed the recent spate of breaches.
“Everyone seems to be focusing on the fact that SQL injection made it to No. 1 this year, but I find myself thinking, so what?” Vincent Liu, managing partner at security research firm Stach & Liu, told InternetNews.com. “SQL injection was the vulnerability behind the Sony, InfraGard, and other recent attacks. Yet no matter if it’s No. 1 or No. 4 or No. 10, it always has been one of the primary causes of significant data breaches in the past, and it will continue to be for many years to come.”