REDWOOD SHORES, Calif.: Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, released today the results of the third Imperva Web Application Attack Report (WAAR), which reveals that the median number of attack incidents across the 50 Web applications observed was 274 per year, with one target experiencing more than 2,700 attack incidents.

According to the report, the average attack incident for the observed Web applications lasted seven minutes and 42 seconds, but the longest attack incident lasted an hour and 19 minutes. SQL Injection remains the most popular attack vector.

“These findings indicate a significant difference between an average Web application attack incident and the upper limit,” said Amichai Shulman, CTO, Imperva. “We believe that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents, like a flood bursting through a levee.”

The WAAR, created as part of Imperva’s ongoing Hacker Intelligence Initiative, offers insight into actual malicious attack traffic of 50 Web applications over a period of six months, December 2011 through May 2012. Imperva monitored and categorized numerous individual attacks across the Internet, as well as attacks targeting different enterprise and government Web applications. The WAAR outlines the frequency, type, and geography of origin of each attack to help security professionals prioritize vulnerability remediation.

Highlights from the report include:

• SQL injection remains most common attack vector: Imperva reviews and summarizes the cumulative characteristics of Web application attack vectors, including SQL injection, cross-site scripting (XSS), RFI and LFI, and observes that SQL injection is the most commonly used attack for the 50 observed Web applications.

• Intensity of attacks increasing: Applications will typically see only some serious attack action roughly every third day, for a few minutes, but the attacks may overwhelm the application if the defenses are prepared for only the average intensity of attack.

• France leads SQL injection: As reported in the previous WAAR, the majority of requests and attackers originate in the USA, western European countries, China and Brazil. However, France has emerged as the leading source of SQL injection attacks, with the attack volume of requests originating from France almost four times greater than that of the United States.

“The cyber battlefield looks a lot more like a border keeping mission than total war – most of the time very little happens, but every once in a while there's an outbreak of attacks,” said Shulman. “Regardless of the frequency of attacks and peaceful periods, we believe organizations need to be prepared for these bursts of activity during attack incidents.”

 
