
Search Software Quality: Stamping Out Cross-Site Scripting and SQL Injection


Search Software Quality published another of my answers to reader questions:

Why are SQL injections or XSS (cross-site scripting) errors still the biggest problem in application security, particularly web application security? What tests or processes can we use to reduce this problem?

You can see my full answer online where I talk about taking a multi-pronged approach to addressing these issues (sorry – registration required). For those looking for a quick preview, I talk about:

  • Knowing your application attack surface (you can’t defend what you don’t know about)
  • Training developers to build applications that aren’t susceptible to common attacks
  • Verifying that training was effective by implementing a testing program

It is certainly possible to build applications that don’t contain these errors, but few organizations have been successful in implementing a comprehensive approach for dealing with these issues. However, by understanding the scope of the problem and the steps required to get it under control, organizations can make significant progress.
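To make the "build it right, then verify it" points concrete, here is an added example (not code from the original answer or from Denim Group) showing the two defect classes beside their hardened forms, plus the kind of regression check a testing program would run. The user table and names are constructed for the demo; the two safe paths rely only on parameter binding and `html.escape` from the Python standard library.

```python
import html
import sqlite3

# Constructed in-memory table standing in for an application's user store.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?)",
                 [("alice", "admin"), ("bob", "user")])


def find_role_unsafe(name: str) -> list:
    """Vulnerable: the caller-supplied name is concatenated into the SQL text."""
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_role_safe(name: str) -> list:
    """Hardened: the name travels as a bound parameter and can never become SQL."""
    sql = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def quote_breaks_unsafe_query(name: str) -> bool:
    """Demonstrates the defect: a single quote in the input alters the SQL structure,
    which sqlite reports as a syntax error. Returns True when that happens."""
    try:
        find_role_unsafe(name)
        return False
    except sqlite3.OperationalError:
        return True


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: untrusted text is pasted into HTML without encoding."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: html.escape encodes <, >, &, and quotes before they reach the page."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def hardened_paths_treat_as_data(name: str) -> bool:
    """Regression check for the testing program: given a name that belongs to no user
    and contains SQL/HTML metacharacters, the safe query must match nothing and the
    rendered body must contain no raw '<' or quote. Returns True when both hold."""
    rows = find_role_safe(name)
    page = render_greeting_safe(name)
    body = page[len("<p>Hello, "):-len("</p>")]
    return rows == [] and "<" not in body and "'" not in body
```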

Contact us for help finding and eliminating common errors like SQL injection and cross-site scripting (XSS) from your applications.




About Dan Cornell


A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.