Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

SQL Injections Remain Most Popular Application Attack Vector

Imperva : 08 August, 2012  (Technical Article)
Imperva reveals the retained popularity of SQL injections as the method most used for attacking web applications

Imperva has released the results of the third Imperva Web Application Attack Report (WAAR), which reveals that the median annual attack incidents on the 50 Web applications observed was 274 times a year, with one target experiencing more than 2,700 attack incidents.

According to the report, the average attack incident for the observed Web applications lasted seven minutes and 42 seconds, but the longest attack incident lasted an hour and 19 minutes. SQL Injection remains the most popular attack vector.

“These findings indicate a significant difference between an average Web application attack incident and the upper limit,” said Amichai Shulman, CTO, Imperva. “We believe that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents, like a flood bursting through a levy.”

The WAAR, created as part of Imperva’s ongoing Hacker Intelligence Initiative, offers insight into actual malicious attack traffic of 50 Web applications over a period of six months, December 2011 through May 2012.  Imperva monitored and categorized numerous individual attacks across the Internet, as well as attacks targeting different enterprise and government Web applications. The WAAR outlines the frequency, type, and geography of origin of each attack to help security professionals prioritize vulnerability remediation.

Highlights from the report include:

* SQL injection remains most common attack vector: Imperva reviews and summarizes the cumulative characteristics of Web application attack vectors, including SQL injection, cross-site scripting (XSS), RFI and LFI, and observes that SQL injection is the most commonly used attack for the 50 observed Web applications.
* Intensity of attacks increasing: Applications will typically see only some serious attack action roughly every third day, for a few minutes, but the attacks may overwhelm the application if the defenses are prepared for only the average intensity of attack.
* France leads SQL injection: As reported in the previous WAAR report, the majority of requests and attackers originate in the USA, western European countries, China and Brazil. However, France has emerged as the leading source of SQL injection attacks, with the attack volume of requested originating from France almost four times greater than that of the United States.

“The cyber battlefield looks a lot more like a border keeping mission than total war – most of the time very little happens, but every once in a while there's an outbreak of attacks,” said Shulman. “Regardless of the frequency of attacks and peaceful periods, we believe organizations need to be prepared for these bursts of activity during attack incidents.”
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo