Nokod Security (https://nokodsecurity.com/), feed generated Sun, 30 Jun 2024 05:54:55 +0000

In Plain Sight: How Microsoft Power BI Reports Expose Sensitive Data on the Web
https://nokodsecurity.com/blog/in-plain-sight-how-microsoft-power-bi-reports-expose-sensitive-data-on-the-web/ (Wed, 19 Jun 2024 17:30:55 +0000)

The Nokod Research Team discovered a data leakage vulnerability in the Microsoft Power BI service which potentially affects tens of thousands of organizations and which allows anonymous viewers on the Internet to access sensitive data, including employee and business data, PHI, and PII.

The post In Plain Sight: How Microsoft Power BI Reports Expose Sensitive Data on the Web appeared first on Nokod Security.

By: Uriya Elkayam, Amichai Shulman

Introduction

The Nokod Research Team discovered a data leakage vulnerability in the Microsoft Power BI service. Our team found evidence that tens of thousands of organizations worldwide are affected by this vulnerability, and some of their sensitive data, including employee, customer, business or government data, PHI, and PII, can be accessed anonymously through the Internet.

The vulnerability, which is very easy to exploit, allows attackers to extract information that is not visible in reports generated with the Power BI service but is part of its underlying data model. Potential data leakage scenarios include the ability to access:

  • Detailed and potentially confidential data behind the aggregated or anonymized data
  • Additional attributes and data assets that were not included in the displayed report
  • Additional data records that were filtered out from the display

We reported our findings to the Microsoft Security Response Center (MSRC) on 05/16/2024, and on 05/18/2024, Microsoft confirmed the issue but regarded it as a feature rather than a vulnerability.

Nokod Security created the “Power BI Analyzer”, a simple and free tool to help organizations assess their exposure to this vulnerability. It can be downloaded here.

Technical Details

Description of the Issue

Every Power BI report is built on top of a semantic model. The semantic model represents all the data that could be used for visualization, while the report object defines which data actually becomes visible in the UI and how.

When a report object is shared with other users (explicitly or implicitly by sharing the workspace), all (!) the underlying raw data represented by the semantic model also becomes accessible to those users, including:

  • Detailed data records that are used to display aggregations in the report’s UI
  • Tables that are included in the semantic model and are not displayed in the report at all (even when these tables are explicitly marked as “hidden” in the model)
  • Columns of tables that are not displayed in the report’s UI (neither as details nor as aggregations), even when these columns are explicitly marked as “hidden” in the model
  • Detailed data records of tables that are used in the display, even if the display filters out these records.

Not only is the data available to any unauthorized user, but it is also very easy for anyone to figure out what additional data is hidden and view it.

This behavior affects reports that are accessible inside an organization as well as reports that are published to the web.

Exploit details

The execution of a Power BI report requires an API call that extracts the data to be displayed. For public reports, this is a POST request to the following endpoint:

https://wabi-west-europe-f-primary-api.analysis.windows.net/public/reports/querydata

A different API endpoint is used for reports that are only available for users inside the organization:

https://pbipweu14-westeurope.pbidedicated.windows.net/webapi/capacities/<capacityObjectId>/workloads/QES/QueryExecutionService/automatic/public/query

The payload of the call is a JSON message representing a query in a proprietary Power BI format. One call to this API is made for each visual included in the report. The response includes a JSON representation of the requested data.

In the first example, the payload includes a query to retrieve the ‘name’ column of the ‘Products’ table. The query restricts the data to products that contain the letter ‘c’ in their name.

Query one

A user can also request names of columns and tables to be queried as long as they are part of the underlying semantic model of the report. This is true even when said columns and tables are marked as “hidden” by the owner of the semantic model.

Removing filters and aggregations is very straightforward, as shown in the previous example, and requires no knowledge about the schema of the data source. However, in order to add data that is not included in the visualization, the attacker would need some knowledge about the schema. This can be obtained by another API call that is used for generating a Power BI report. For public reports, the call is a POST request to the following endpoint:

https://wabi-west-europe-f-primary-api.analysis.windows.net/public/reports/conceptualschema

A different endpoint is used for reports that are only available for users in the organization:

https://wabi-west-europe-f-primary-redirect.analysis.windows.net/explore/conceptualschema

The response of this API call includes a representation of the entire semantic model of the report, including those columns and tables that are not used in the visualization, even if those were marked as “hidden” by the creator of the report.

In the following example, we connect a SQL DB to the report and hide the “secrets” table. As you can see, it is still returned by the call to the “conceptualschema” API, and all the columns and values are accessible through the “query” API.

Query two

Exposure in the wild

While we are certain that this vulnerability affects almost any organization that shares Power BI reports internally, the more critical concern is for those organizations that publish – intentionally or unintentionally – reports to the web.

Tens of thousands of reports are intentionally made public by organizations to externally share corporate, product, financial, healthcare, government, and other information. We were not surprised to stumble upon several examples from government institutions as well as commercial organizations that have shared anonymized data in the form of graphs and summaries with the public.

In fact, it is pretty easy to find a large number of Power BI reports published on the web with the help of search engines. A simple search string such as site:app.powerbi.com inurl:”view?r=” yields an enormous number of results; Bing, for example, returned over 160,000 results.

Variations of this search string, such as site:”https://app.powerbi.com/view?r=” + sales, can yield more focused results. Some of our queries based on this specific search string generated more than 50,000 results.

While many of the results are sample reports created by service providers demonstrating their Power BI skills for customers, numerous results represented actual data from real organizations. Using the simple API calls we showed earlier, it is easy to tell whether a report will expose unintended/sensitive data and then retrieve this information at will.

Applying refined search terms and manual inspection, we quickly detected a few dozen reports that were exposed to this vulnerability, and that allowed for additional sensitive data to be extracted. Again, the fact that during a random manual screening of this huge number of search results we were able to find so many examples of exploitable reports demonstrates the profound seriousness of this risk. Among the organizations that we found to be vulnerable were state government sites that unintentionally expose PHI, universities exposing employee data and municipalities exposing PII.

Remediation

Microsoft’s position is that the behavior we uncovered is a design choice rather than a vulnerability. Hence, it is the responsibility of the organizations that create and share the reports to build them in a way that does not disclose any sensitive information.

While we disagree with Microsoft’s assessment of this behavior (in particular with respect to “hidden” columns and tables), we have developed these guidelines to help organizations protect their data while creating reports:

    • Instead of using “hidden” tables and columns in the semantic model of a report, remove them from the semantic model altogether. While this is simple to achieve for tables, it is a bit tricky, though possible, for individual columns.
    • If you want to display only a subset of an entire data table in the report (e.g. only data of employees from a specific region, only data for a specific set of products, etc.) use a Power Query expression to restrict the “Data Source” you attach to the “Semantic Model”. This way the semantic model does not access the data source directly but only the subset.
    • If you show aggregated data, make sure that you only select non-sensitive columns of the underlying data source for the semantic model. If this is not possible for some reason (e.g. aggregation is based on a function of a sensitive column) use a Power Query expression to aggregate the data of the “Data Source”.
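The three guidelines above, carried through as a single Power Query (M) expression. This is an added example; it is not code from the Nokod post or from the Power BI Analyzer tool, and the server name, database, table and column names (HRDB, Employees, Region, Salary, NationalId, HomeAddress) are constructed for illustration. The point is that rows, columns and detail records that are cut in Power Query never become part of the semantic model, so neither the “conceptualschema” nor the “querydata” call can return them; hiding them in the model would not achieve that.

```powerquery-m
// Added example (not from the Nokod post or the Power BI Analyzer tool).
// Server, database, table and column names are constructed for illustration.
let
    // 1. Connect to the source. With a SQL source, the steps below normally
    //    fold back into one SQL statement, so the rows and columns removed
    //    here are never loaded into the semantic model at all.
    Source = Sql.Database("sql-host.example.internal", "HRDB"),
    Employees = Source{[Schema = "dbo", Item = "Employees"]}[Data],

    // 2. Restrict the rows at the source (second guideline). A report-level
    //    filter would leave the other regions in the model; this does not.
    RegionOnly = Table.SelectRows(Employees, each [Region] = "EMEA"),

    // 3. Keep only the columns the visuals need (first guideline). Instead of
    //    marking Salary, NationalId or HomeAddress as "hidden", drop them so
    //    they are absent from the conceptual schema. Salary is kept for now
    //    only because the aggregation in step 4 consumes it.
    Needed = Table.SelectColumns(RegionOnly, {"Department", "Region", "Salary"}),

    // 4. Aggregate at the source (third guideline). The model ends up with one
    //    row per department: headcount and average salary. No per-employee
    //    record exists for a raw query to fall back on.
    ByDepartment = Table.Group(
        Needed,
        {"Department", "Region"},
        {
            {"Headcount", each Table.RowCount(_), Int64.Type},
            {"AverageSalary", each List.Average([Salary]), type number}
        }
    )
in
    ByDepartment
```

After pasting this into the Advanced Editor, check that the last step still folds to the source (right-click the step and look for “View Native Query”); if a step breaks folding, the detail rows are pulled into Power Query before being reduced, which is still fine for the model’s contents but costs refresh time. Also keep in mind that an aggregate over a very small group (a department with one employee) reveals the underlying value, so apply a minimum group size where that matters.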

Additionally, it is a best practice for organizations to frequently review their Power BI environments for reports that were unintentionally published to the web or simply overshared within the organization. If reports do need to be widely shared, make sure that their semantic model follows the guidelines above.

Free risk assessment tool

In order to assist organizations with an initial assessment of their exposure to this vulnerability, Nokod Security created the Power BI Analyzer, a simple Python-based tool that scans your Power BI environment for reports that are either published to the web or widely shared in the organization. For these reports, the tool makes an initial assessment of whether a report has more underlying data than is exposed in the report.

The tool is Open Source and can be downloaded here.

For further information contact:
Uriya Elkayam: uriya@nokodsecurity.com
Amichai Shulman: amichai@nokodsecurity.com


Power Hacking with Microsoft Power Platform
https://nokodsecurity.com/webinar-on-demand/power-hacking-with-the-microsoft-power-platform/ (Wed, 19 Jun 2024 09:30:13 +0000)

Webinar on demand: Watch an exploration of supply chain attacks in low-code/no-code development environments and in the marketplaces of low-code application platforms. Get practical mitigation guidelines for the attacks and mistakes detailed.

Make sure that your Power Platform's low-code and no-code development doesn't translate to low security.

Watch this webinar and join security expert Amichai Shulman for a deep dive into real-world attacks, exposing dangerous misconceptions and busting the myth that low-code development isn’t creating an external attack surface.

Get practical mitigation guidelines for the attacks and mistakes discussed.

Learnings and Takeaways

Why it matters

You are in good company if you are using Power Apps, Power Automate, or Power BI. An impressive 97% of Fortune 500 companies are using Microsoft Power Platform. Power Platform has 33 million monthly active users and has grown 50% year over year.

However, harnessing the full transformational potential of the Power Platform requires safeguarding your organization against security vulnerabilities and guiding your citizen developers and builders.

While apps, automation, and reports built on Power Platform accelerate innovation and drive better business outcomes, they also open a potential gateway for attackers.

This webinar raises awareness of these security risks, especially as security professionals struggle to build security into the LCNC development life cycle. 

Meet Nokod at “UiPath on Tour” in London
https://nokodsecurity.com/events/uipath-on-tour-london/ (Sun, 02 Jun 2024 11:04:24 +0000)

UiPath on Tour London is the year’s largest regional gathering of businesspeople, automation professionals, and AI experts. With executive thought leadership. Open access to hands-on experts. Community connection.

At a Glance

  • When: 2 July, 2024
  • Website: UiPath on Tour
  • Where:
    • InterContinental – The O2
    • 1 Waterview Dr, London SE10 0TW, UK

We are thrilled to be a sponsoring partner for UiPath on Tour, London on July 2!

Visit the Nokod Booth and join us for open conversations, live demos, and insights on how Nokod Security can fortify your RPA developments. If third-party risks are on your radar, watch our on-demand webinar, Security Risks in Low-Code/No-Code App Development. It demos several supply chain attacks on automation built on the UiPath platform!

At our booth, explore the Nokod Security Platform—a cutting-edge solution explicitly designed for LCNC apps and Robotic Process Automation (RPA) development. Here’s how it empowers your security posture:

  • Application Logic Inspection: Our platform meticulously scrutinizes automation logic, identifying potential vulnerabilities.
  • Data Access Monitoring: We delve into data access patterns, ensuring compliance and uncovering any violations.
  • Threat Intelligence Integration: Nokod’s proprietary threat intelligence keeps a vigilant eye on third-party components, flagging weaknesses.
  • User-Defined Configuration Checks: We explore environments to pinpoint any misconfigurations that might expose your organization.

If you prefer to plan ahead, feel free to use the form on the right to schedule a meeting with our team.

See you in London!

Meet us at OWASP Global Lisbon
https://nokodsecurity.com/past-events/meet-us-at-owasp-global-lisbon/ (Sat, 01 Jun 2024 15:04:42 +0000)

OWASP Global in Lisbon is the AppSec highlight in Europe! Enjoy insightful presentations by globally recognized keynote speakers, choose from diverse tracks such as builder, breaker, defender, and manager-culture.

At a Glance

  • When: 27-28 June, 2024
  • Website: OWASP Global Lisbon
  • Where:
    • Lisbon Congress Centre
  • Nokod Booth: SU9

We’re happy to be part of OWASP Global at the Conference Centre Lisbon! Join us for Uriya Elkayam’s session Back to the Future: Old Tricks Invading a New Attack Surface. Uriya is a Senior Security Researcher at Nokod.

Or level up your low-code/no-code hacking skills in our Bob the Breaker CTF! Nokod created it especially for OWASP Lisbon 2024. Get hands-on experience, encounter real-world scenarios, and have fun! Great prizes are up for grabs.

Visit Nokod at Booth SU9 to discuss how low-code/no-code (LCNC) development has changed AppSec. Development tools like Microsoft Power Platform, UiPath, Salesforce, and ServiceNow offer great convenience but bring a fresh set of security challenges and compliance considerations.

Get a demo of the Nokod Security Platform, our cutting-edge solution explicitly designed for LCNC apps and Robotic Process Automation (RPA) development. Here’s how it empowers your security posture:

  1. Application Logic Inspection: Our platform scrutinizes application logic, identifying potential vulnerabilities.
  2. Data Access Monitoring: We delve into data access patterns, ensuring compliance and uncovering violations.
  3. Threat Intelligence Integration: Nokod’s proprietary threat intelligence keeps a vigilant eye on third-party components, flagging weaknesses.
  4. User-Defined Configuration Checks: We explore environments to pinpoint any misconfigurations that might expose your organization.

Visit us at Booth SU9 to engage in conversations and explore how Nokod Security can fortify your LCNC application development. 

If you prefer to plan ahead, feel free to use the form on the right to schedule a meeting with our team.

See you soon in Lisbon!

Uriya Elkayam Presenting at OWASP AppSec Lisbon 2024
https://nokodsecurity.com/past-talks/uriya-elkayam-presenting-at-owasp-appsec-lisbon-2024/ (Sat, 01 Jun 2024 13:40:41 +0000)

Low-Code/No-Code application platforms give attackers an unfair advantage. Time-tested application layer tricks are experiencing a revival when used against applications built on these platforms.

We are excited to inform you that Uriya Elkayam, Senior Security Researcher at Nokod, has been selected to speak at OWASP 2024 Global AppSec Lisbon.

In his session, Back to the Future: Old Tricks Invading a New Attack Surface, Uriya will explore the security risks of leading Low-Code/No-Code (LCNC) application development platforms.

While LCNC platforms offer convenience, attackers exploit time-tested application layer tricks against them. Let’s have a look at the vulnerabilities.

Robotic Process Automation (RPA):

  • Misconception: RPAs built using LCNC technologies are immune to classic application layer attacks.
  • Reality: LCNC applications are vulnerable to SQL injections, authorization mishaps, and OS command injections.

Supply Chain Attacks:

  • LCAPs integrate code reuse and sharing mechanisms via marketplaces (e.g., Forge, AppSource, UiPath Marketplace).
  • A double-edged sword: Empowering app developers and a potential gateway for attackers.

Join our session to discuss LCNC app security and robotic process automation. Let’s fortify our defenses against these looming threats!

Uriya Elkayam

Uriya Elkayam is a senior security researcher at Nokod Security.

His research focuses on application security aspects of low-code/no-code platforms such as MS Power Platform, UiPath, and OutSystems.

He is passionate about finding vulnerabilities and developing new mitigation techniques.

In his previous role as Head of Research at AirEye, he became an expert in network security, wireless communication, and low-level side-channel attacks.

Uriya holds a B.Sc. and M.Sc. in Communication System Engineering from Ben Gurion University.

Amichai Shulman to Present at Infosecurity Europe
https://nokodsecurity.com/past-talks/amichai-shulman-to-present-at-infosecurity-europe/ (Thu, 23 May 2024 12:46:40 +0000)

If you are attending Infosecurity in London, make time to join Amichai's session "No Code, No Malware? Supply Chain Attacks in Low-Code/No-Code Development Environments".

We are thrilled that InfoSecurity Europe invited our very own Amichai Shulman to present at the show in London. In his session, No Code, No Malware? Supply Chain Attacks in Low-Code/No-Code Development Environments, Amichai will discuss unprotected enterprise attack surfaces introduced by citizen developers. In this hands-on, fast-paced session, Amichai will demonstrate supply chain attacks, show how they spread in LCNC and robotic process automation (RPA) environments, and share best practices for detecting and remediating them.

As low-code application development platforms (LCAPs) become more popular among citizen developers, they also create a new attack surface that’s largely unmonitored and unprotected. This is mostly due to the current application security stack, which doesn’t cover either LCNC apps or RPAs and suffers from a lack of visibility and control over newly introduced risks.

Join this session to seize your opportunity to learn more about the new LCNC security frontier. 

The Speaker

Amichai Shulman, CTO at Nokod Security

Amichai, CTO and co-founder of Nokod, is an internationally recognized cyber security expert and researcher. He was previously co-founder and CTO at Imperva for more than 15 years.

Amichai is a frequent conference speaker and industry authority on cybersecurity. As an investor and advisor, he has guided many successful startups.

Amichai is also an Adjunct Teacher at the Technion-Israel Institute of Technology. Amichai holds B.Sc. and M.Sc. degrees in Computer Science.

Meet us at InfoSecurity London, ExCel
https://nokodsecurity.com/past-events/meet-us-at-infosec-london/ (Wed, 08 May 2024 12:55:18 +0000)

Infosecurity stands as a premier meeting of the information security industry in Europe. Each year, it unites the community to exchange innovative ideas, foster learning, evaluate and compare solutions, cultivate professional relationships, and engage with fellow colleagues.

At a Glance

  • When: 4-6 June, 2024
  • Website: Infosecurity Europe
  • Where:
    • ExCel, London
    • Royal Victoria Dock, 1 Western Gateway
  • Nokod Booth: C145

We’re happy to participate in Infosecurity Europe this June! 

Visit us at Booth C145 to discuss how to SECURE the development and use of low-code/no-code (LCNC) applications. Development tools like Microsoft Power Platform, UiPath, Salesforce, and ServiceNow offer unparalleled convenience but usher in a fresh set of security challenges and compliance considerations.

Get a demo of the Nokod Security Platform, our cutting-edge solution explicitly designed for LCNC apps and Robotic Process Automation (RPA) development. Here’s how it empowers your security posture:

  1. Application Logic Inspection: Our platform scrutinizes application logic, identifying potential vulnerabilities.
  2. Data Access Monitoring: We delve into data access patterns, ensuring compliance and uncovering violations.
  3. Threat Intelligence Integration: Nokod’s proprietary threat intelligence keeps a vigilant eye on third-party components, flagging weaknesses.
  4. User-Defined Configuration Checks: We explore environments to pinpoint any misconfigurations that might expose your organization.

Visit us at Booth C145 to engage in open conversations, get a live demo of our product, and explore how Nokod Security can fortify your LCNC application development.

If you prefer to plan ahead, feel free to use the form on the right to schedule a meeting with our team.

See you soon in London!

Gartner Security & Risk Management Summit
https://nokodsecurity.com/past-events/gartner-security-risk-management-summit/ (Mon, 06 May 2024 08:05:23 +0000)

We’re happy to share that our CEO Yair Finzi will attend the Gartner Risk & Security Summit. If you are busy with securing your citizen development initiatives, get together with Yair. We are the pioneers in low-code/no-code AppSec.

Why it matters

Low-code and no-code (LCNC) development is likely everywhere in your organization.

Microsoft Power Platform, UiPath, ServiceNow, Salesforce, and others empower business users without security training to build apps and automations. Hear from Yair what we found at the organizations of our customers and prospects. The numbers are enormous, and the risks are serious.

LCNC and RPA have changed who develops apps and how. Nokod believes AppSec must change, too.

Feel free to contact Yair on LinkedIn or to schedule a meeting here. 

See you at the Gartner Security & Risk Management Summit!

Our Solution

The Nokod Security Platform is our cutting-edge solution explicitly designed for LCNC apps and Robotic Process Automation (RPA) development. Here’s how it empowers your security posture:

  1. Application Logic Inspection: Our platform scrutinizes application logic, identifying potential vulnerabilities.
  2. Data Access Monitoring: We delve into data access patterns, ensuring compliance and uncovering violations.
  3. Threat Intelligence Integration: Nokod’s proprietary threat intelligence keeps a vigilant eye on third-party components, flagging weaknesses.
  4. User-Defined Configuration Checks: We explore environments to pinpoint any misconfigurations that might expose your organization.

Nokod Security Launches Platform to Secure Low-Code/No-Code Development Environments and Applications
https://nokodsecurity.com/press-release/launch-platform-securing-low-code-no-code-app-development/ (Thu, 02 May 2024 10:31:04 +0000)

Nokod Security, the security company for low-code/no-code (LCNC) application development, today announced the general availability of the Nokod Security Platform, which gives citizen developers clear step-by-step guidance for fixing security issues.

Nokod provides security teams with visibility and control over LCNC apps and RPAs, while enlisting citizen developers to implement shift-left security principles.

NEW YORK and TEL AVIV, May 2, 2024 – Nokod Security, the security company for low-code/no-code (LCNC) application development, today announced the general availability of the Nokod Security Platform. This platform enables organizations to protect against security threats, vulnerabilities, compliance issues, and misconfigurations introduced by LCNC applications and robotic process automations (RPAs).

Most organizations currently lack any formal processes, procedures and tools for monitoring and managing the security risks associated with LCNC apps. By integrating with leading LCNC and RPA development platforms such as Microsoft Power Apps, UiPath, ServiceNow, Salesforce, and more, Nokod enables organizations to detect vulnerabilities as well as compliance issues, and prevent malicious activities before they can impact the business.

Nokod addresses the primary obstacles to securing LCNC apps and RPAs, namely, citizen developers are not security experts, and security teams are too lean to supervise every development process. To overcome this bottleneck, the Nokod Security Platform provides citizen developers clear step-by-step guidance for fixing security issues as well as automated remediation options that can be triggered with the click of a button.

"Our platform enables shift-left security in democratized development environments by enlisting citizen developers to fix problems in their LCNC apps themselves whenever possible while keeping security teams apprised of issues that need their support," said Yair Finzi, CEO of Nokod Security. "With Nokod, organizations gain the necessary visibility and control to ensure their digital transformation journey is secure and compliant at all times."

Nokod Security Platform Features and Benefits
Using compliance, governance, and security engines, the Nokod Security Platform continuously analyzes LCNC apps and automations. It provides the following capabilities to manage risk and governance of LCNC apps and RPAs:
  • Comprehensive Inventory Management: provides an up-to-date discovery and inventory of all LCNC apps and RPA automations for unparalleled visibility and control.
  • Uniform Policy Enforcement: enables uniform security policies to be applied across all applications and automations with clear remediation instructions for detected issues.
  • Continuous Assessment and Improvement: proprietary threat intelligence enables proactive detection and prevention of emerging threats.
  • Customizable and Effective Security Policies: Nokod provides suggested security policies that can be customized to meet specific business needs.
  • Governance and Reporting: through easy integration with existing systems, Nokod simplifies reporting to demonstrate controls for security management and compliance.
Availability 
The Nokod Security Platform is available immediately from Nokod and its business partners worldwide.

The Unbearable Stubbornness of SQL Injection Vulnerabilities
https://nokodsecurity.com/blog/sql-injection-vulnerabilities-in-low-code-no-code-app-development/ (Thu, 11 Apr 2024 11:25:41 +0000)

CISA and FBI issued a stern warning to eradicate SQL injection vulnerabilities for good. How, with code scanners in place and ongoing security training for developers, does this problem persist? Read our take predicting that the numbers of SQLi attacks will likely rise.

On March 25, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) jointly issued a stern warning to software manufacturers stating that the time to eradicate SQL injection vulnerabilities for good is upon us.

This call to action reverberated across the digital landscape, prompting a flurry of reactions from the security community. As expected, security media outlets fell in line. They obediently reported about the alert, many making it the news of the day and only a few questioning the practicality or depth of the recommendations published.

Nokod Security commends CISA and the FBI for their efforts to distribute a secure-by-design philosophy and alert commercial software vendors. Still, we feel inclined to peel back some layers:

  • Naming the alert “Secure by Design” is misleading, if not outright wrong. SQL injection vulnerabilities were never a software design problem but a problem of the later coding and implementation phase in the software development lifecycle.
  • We get it. The house was on fire, and priorities shift. This renewed effort to combat SQL injection flaws came in the wake of the Clop ransomware gang’s exploitation of such a vulnerability in the MOVEit file transfer software. The attack led to the exfiltration of data from thousands of corporate clients, impacting tens of millions of customers worldwide, and the Clop ransomware gang might have made up to $100m from its campaign.
  • While practical recommendations were hard to find in the alert (besides the good advice to use parametrized queries – AKA prepared statements), the calls upon the senior management took center stage: Take responsibility, improve transparency, and unleash the coffers of resources.

Unasked questions and missed opportunities

What CISA and FBI didn’t do was ask the fundamental question, which immediately comes to mind, like here in this Cybersecurity Reddit: Why are SQL injections still a thing?

Despite being a well-documented and longstanding issue with known mitigations, SQL injection vulnerabilities persist as a common defect in commercial software. But is this all the result of the software industry’s complacency? It’s a pity that CISA and FBI didn’t address that question, initiate and sponsor new research, or compile existing sources.

How, with code scanners in place and ongoing security training for developers, does this problem persist? Here are some of our speculations:

  • To err is human, and the more code developers write, the more mistakes are made.
  • The more open-source code vendors use, the less control they have over the coding practices.
  • As organizations become increasingly proficient in detecting and weeding out SQLi vulnerabilities in mature software, the market faces spikes of new attack risk whenever popular demand drives rapid adoption of emerging technologies that rely on less mature code.

SQL injection attacks are evergreen for hackers, and with automated tools to search for and exploit SQLi vulnerabilities in their arsenal, launching an attack against any newly targeted application is easy. It’s an attack where there’s everything to gain and nothing to lose.

Brace for impact: SQLi in Low-code/no-code app development

The number of SQL injection attacks will not shrink; quite the contrary. And we want you to be prepared for yet another wave.

While CISA and FBI call upon software companies and professional developers, a completely different cyber storm is approaching. By next year, it is expected that over 70% of apps will be developed using low-code/no-code app development platforms like Microsoft Power Apps / Power Automate, UiPath, ServiceNow AppEngine, Automation Anywhere, and many others. [Source: Gartner]

This means that most apps will never even go through the hands of a software developer. Instead, they will be created by citizen developers who are experts in the business processes they manage and automate but who might spell out SDLC as Scottish Digital Library Consortium or Student Diversity Leadership Conference.

So, the next peak of SQL injection attacks will be brought upon us by:

  • The vast scale of citizen app development and people without security training
  • The false – and dangerous – perception that SQL injections cannot happen in apps created on LCNC platforms
  • The failure of the existing AppSec stack to deal with the LCNC development environment

Watch how Amichai Shulman demonstrated the problem of SQL injection attacks in low-code/no-code app development only a couple of weeks ago. By the way, he threw in an HTML injection as well.

Ensure safe in-house citizen app development

The rise of low-code/no-code development platforms has democratized software development, empowering citizen developers to create applications without any coding expertise. In this realm, no one follows a secure software development life cycle (SSDLC) that AppSec has promoted for decades.

Low-code/no-code is revolutionizing how organizations approach application development, significantly accelerating the delivery of business solutions. However, this convenience comes with inherent risks. The simplified development process can often bypass standard security protocols, leading to data leakage, security misconfigurations, and SQL injection vulnerabilities.

To eradicate SQLi attacks, we want to remind you that more will be needed than getting commercial software and professional developers back on track. For CISOs and security professionals, scrutinizing commercial software won’t be enough. The apps and automations developed in-house on low-code/no-code application development platforms need to be secured just as much, if not more.


The post The Unbearable Stubbornness of SQL Injection Vulnerabilities appeared first on Nokod Security.

]]>