In its 2015 report, the Open Web Application Security Project (OWASP) identified SQL injection and cross-site scripting among its Top 10 software vulnerabilities. Again.
If it feels as if you’ve been reading this same story for the last decade, it’s because you have. So why is it that we can build intelligent robots, fling unmanned vehicles throughout the universe and create computers that can recognize natural languages to a point where they can defeat humans on television quiz shows, but we can’t put an end to these software vulnerabilities?
John Steven, CTO of security company Cigital, said, “We’re in—and sick of—the hamster wheel of pain” that patching those vulnerabilities represents. “How many dynamic testing tools results parties do we have to have on every application before we get that there are certain truths that remain self-evident, like your hygiene around outputting coding and input validation continues to be bad?”