You probably don’t know all of them, especially in mobile applications, web services and RIA’s which are typically developed in new technologies like REST, JSON and AJAX. While security teams are often effective at testing for vulnerabilities in classic HTML applications over GET and POST, most testing methodologies do not handle these new formats. As a result, web applications using these new formats are often littered with SQL Injection and other security vulnerabilities.
Over the past few years, Dan Kuykendall, CTO at NT OBJECTives has found that most security teams are inadequately testing mobile applications, web services and RIA’s and as a result they are often littered with security vulnerabilities.
Why SQL Injection is so prevalent in these technologies despite the fact that we have understood SQLi for so long.
How to understand these newer formats (JSON, REST, SOAP) and find SQL Injection vulnerabilities in several technologies commonly used in these applications.
How you can scale your testing to automatically find these vulnerabilities.
NT OBJECTives, Inc.
Co-CEO & CTO