Mackenzie
Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido Security, helping developers and DevOps engineers build secure systems. He also shares his knowledge as a contributor to technology publications such as DarkReading, the Financial Times, and Security Boulevard, and appears as an expert in TV documentaries and interviews.
Head of DevRel and Research
Session
Injection attacks like SQL injection (SQLi) are older than Internet Explorer, yet they still plague modern applications. Our recent research examined SQLi, command injection, path traversal, and cross-site scripting (XSS) vulnerabilities in open- and closed-source projects to understand how prevalent they remain in modern apps.
SQLi alone accounted for 6.7% of the vulnerabilities discovered in open-source projects and 10% of those discovered in closed-source projects in 2024. Command injection, path traversal, and XSS also remain dominant threats.
This presentation explores why injection attacks persist despite well-known solutions and examines whether new technologies can finally eliminate them. We’ll review our research methodology, which included analyzing over 50,000 closed-source projects, and highlight the key findings. Real-world case studies, such as the MOVEit attack, will underscore their ongoing impact. We’ll conclude with prevention strategies and discuss why injection vulnerabilities may persist for another decade.