Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of network management systems studied had these vulnerabilities, according to a report released today.
It all comes down to input validation, or lack of it, said Deral Heiland, research lead at Boston-based Rapid7, Inc. and one of the authors of the report.