The NSW Auditor-General claims to have found "no major security flaws" in two New South Wales agencies selected for penetration testing and high-level scanning of emails.Experts were engaged to test the security of two nameless NSW agencies certified to ISO27001, the auditor-general's brief report has revealed.
The Auditor-General's department refused to disclose which agencies had been tested.The penetration testing uncovered several "non-major" security issues facing government agencies including SQL injection, where the attack involves illicit SQL commands through a web application for execution by the backend database. "It is perhaps one of the most common attack techniques currently used with the usual object being data theft," the report noted.The attack can be readily countered through server-side sanitisation routines, restricting the use of dynamic SQL and replacing SQL in web application code with calls to stored procedures.Other weaknesses identified in the Auditor-General's penetration testing included:
Copyright © iTnews.com.au . All rights reserved.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.