iTnews
  • Home
  • News
  • Technology
  • Security

NSW agencies pass IT security test

By John Hilvert
Feb 28 2011 5:01AM
Follow google news

SQL injection one of the most common techniques.

The NSW Auditor-General claims to have found "no major security flaws" in two New South Wales agencies selected for penetration testing and high-level scanning of emails.

Experts were engaged to test the security of two nameless NSW agencies certified to ISO27001, the auditor-general's brief report has revealed.

NSW agencies pass IT security test

The Auditor-General's department refused to disclose which agencies had been tested.

The penetration testing uncovered several "non-major" security issues facing government agencies including SQL injection, where the attack involves illicit SQL commands through a web application for execution by the backend database.

"It is perhaps one of the most common attack techniques currently used with the usual object being data theft," the report noted.

The attack can be readily countered through server-side sanitisation routines, restricting the use of dynamic SQL and replacing SQL in web application code with calls to stored procedures.

Other weaknesses identified in the Auditor-General's penetration testing included:

  • a failure to terminate remote access sessions.
  • Sniffing (transmission of data between systems and remote applications in easily read and modifiable form).
  • Weak encryption methods.
  • Login credentials stored by the user’s web browser.
  • Out of date operating system software with known vulnerabilities.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
encryptionnsw auditorgeneralsecuritysql injection

Related Articles

  • Marathon OAIC investigation finds Optus breached 51,000 customers' privacy Marathon OAIC investigation finds Optus breached 51,000 customers' privacy
  • US gov shortens cyber fix window to three days US gov shortens cyber fix window to three days
  • Anthropic releases Mythos-class model for public use Anthropic releases Mythos-class model for public use
  • Apple bumps up security in fresh operating system releases Apple bumps up security in fresh operating system releases
Join our WhatsApp Channel

Partner Content

Agile isn’t the problem: why projects still fail, and what’s missing
Partner Content Agile isn’t the problem: why projects still fail, and what’s missing
The hidden economics of AI: Why token usage matters more than you think
Partner Content The hidden economics of AI: Why token usage matters more than you think
Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
Partner Content Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment
Promoted Content Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment

Sponsored Whitepapers

When cyber risk has no clear owner: A practical guide for senior Australian business leaders
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • Forrester's AI Forum Sydney Forrester's AI Forum Sydney
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.