 |
| Thursday, 26 January 2012, 16:09 HKT | |
| |  | |
Source: Imperva Inc. | |
|
|
|
| Study of web application attacks shows automated attacks can peak at nearly 38,000 an hour |
Redwood Shores, CA, Jan 26, 2012 - (ACN Newswire) - Imperva (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today announced the release of the second Imperva Web Application Attack Report (WAAR), which revealed that web applications are subject to business logic attacks. The WAAR, created as a part of Imperva's ongoing Hacker Intelligence Initiative, offers insight into actual malicious web application attack traffic over a period of six months, June 2011 through November 2011.
Imperva monitored and categorized attacks across the internet targeting 40 different applications. The WAAR outlines the frequency, type and geography of origin of each attack to help security professionals better prioritize vulnerability remediation.
"Business logic attacks are attractive for hackers since they follow a legitimate flow of interaction of a user with the application," said Amichai Shulman, Imperva's CTO. "This interaction is guided by an understanding of how specific sequences of operations affect the application's functionality. Therefore, the abuser can lead the application to reveal private information for harvesting, skew information shared with other users and much more - often bypassing security controls."
Report Highlights
- Automated application attacks continue. In the six month period from June - November 2011, the observed web applications suffered attacks in the range of 130,000 to 385,000 per month. At its peak, the application set was under attack at a rate of nearly 38,000 per hour or ten per second.
- Hackers are relying on business logic attacks due to their ability to evade detection: Imperva also investigated two types of Business Logic attacks: Comment Spamming and Email Extraction. Comment Spamming injects malicious links into comment fields to alter search engine results and potentially defraud consumers. Email Extraction simply catalogs email addresses for building spam lists. These Business Logic attacks accounted for 14% of the analyzed malicious traffic.
- The geographic origin of Business Logic attacks were:
-- Email extraction was dominated by hosts based in African countries.
-- An unusual portion of the Comment-spamming activity was observed from eastern-European countries.
- Hackers exploit five common application vulnerabilities: The five most common application vulnerabilities are: Remote File Inclusion (RFI), SQL Injection (SQLi), Local File Inclusion (LFI), Cross Site Scripting (XSS) and Directory Traversal (DT). Cross Site Scripting and Directory Traversal are the most prevalent classical attack types. Why are these vulnerabilities targeted? Hackers prefer the path of least resistance and application vulnerabilities offer a rich target.
About Imperva
Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,500 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva's customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.
(c) 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc.
Media Contact
Katherine Nellums
+1-415-321-2347
Katherine.nellums@lewispulse.com
This announcement is distributed by Thomson Reuters on behalf of Thomson Reuters clients.
The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and other applicable laws; and
(ii) they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Imperva Inc. via Thomson Reuters ONE
Copyright (c) Thomson Reuters 2012. All rights reserved.
Jan 26, 2012
Topic: Press release summary
http://www.acnnewswire.com
From the Asia Corporate News Network
Copyright © 2012 ACN Newswire. All rights reserved. A division of Asia Corporate News Network.
|
|
|
 |
|
|
|
| Imperva Inc. |
|
| May 17, 2012 |
|
Imperva Enhanced Dynamic Profiling for Its Web Application Firewall |
|
| Apr 24, 2012 |
|
Imperva Report Details Automated Web Application Attacks |
|
| Apr 2, 2012 |
|
Imperva Deconstructs Local and Remote File Inclusion Attack Vectors |
|
| Feb 27, 2012 |
|
Imperva Analyzes High-Profile 'Anonymous' Attack |
|
| Dec 28, 2011 |
|
Imperva Named Finalist in Info Security Products Guide's Global Excellence Awards |
|
| Dec 14, 2011 |
|
Imperva Releases Detailed Password Cracking Analysis |
|
| Dec 7, 2011 |
|
Imperva Enhances U.S. Government Agencies Data Protection Efforts |
|
| Dec 6, 2011 |
|
Imperva Predicts Top Nine Cyber Security Trends for 2012 |
|
| Nov 10, 2011 |
|
Imperva Announces Full Exercise of Underwriters' Option to Purchase Additional Shares |
|
| Nov 9, 2011 |
|
Imperva Announces Pricing of Initial Public Offering |
|
| More news >> |
|
|
|
