Only 8% of Web applications secured against common hacking.

Nebulas Security Limited has announced the results of research conducted by its application penetration-testing partner, Imperva, Inc. After four years of penetration testing on more than 250 web applications, including e-commerce, online banking, enterprise collaboration, and supply chain management sites, Imperva concluded that at least 92% of web applications are vulnerable to some form of hacker attack. The vulnerability assessments were carried out by Imperva's Application Defence Centre and found that the most common types of attack were cross-site scripting, SQL injection and parameter tampering. Despite the use of defences such as firewalls and intrusion detection, hackers were able to access valuable proprietary and customer data, shut down websites and servers, defraud businesses and introduce serious legal liability without being stopped or, in many cases, even detected.