Imperva Inc. : Business Logic Attacks Attractive To Hackers, Imperva Finds


(Thomson Reuters ONE) -


Media Contact
Katherine Nellums
415.321.2347
Katherine.nellums(at)lewispulse.com


Study of web application attacks shows automated attacks can peak at nearly
38,000 an hour

Redwood Shores, Calif., January 26, 2012 - Imperva (NYSE: IMPV), a pioneer and
leader of a new category of data security solutions for high-value business data
in the data center, today announced the release of the second Imperva Web
Application Attack Report (WAAR), which revealed that web applications are
subject to business logic attacks. The WAAR, created as a part of Imperva's
ongoing Hacker Intelligence Initiative, offers insight into actual malicious web
application attack traffic over a period of six months, June 2011 through
November 2011.

Imperva monitored and categorized attacks across the internet targeting 40
different applications. The WAAR outlines the frequency, type and geography of
origin of each attack to help security professionals better prioritize
vulnerability remediation.

"Business logic attacks are attractive for hackers since they follow a
legitimate flow of interaction of a user with the application," said Amichai
Shulman, Imperva's CTO.  "This interaction is guided by an understanding of how
specific sequences of operations affect the application's functionality.
Therefore, the abuser can lead the application to reveal private information for
harvesting, skew information shared with other users and much more - often
bypassing security controls."

Report Highlights


· Automated application attacks continue.  In the six-month period from June to
November 2011, the observed web applications suffered attacks in the range of
130,000 to 385,000 per month. At its peak, the application set was under attack
at a rate of nearly 38,000 per hour or ten per second.





· Hackers are relying on business logic attacks due to their ability to evade
detection:  Imperva also investigated two types of Business Logic attacks:
Comment Spamming and Email Extraction. Comment Spamming injects malicious links
into comment fields to alter search engine results and potentially defraud
consumers.  Email Extraction simply catalogs email addresses for building spam
lists.  These Business Logic attacks accounted for 14% of the analyzed malicious
traffic.

· The geographic origins of Business Logic attacks were:
o Email extraction was dominated by hosts based in African countries.
o An unusual portion of the Comment-spamming activity was observed from
eastern-European countries.

· Hackers exploit five common application vulnerabilities: The five most common
application vulnerabilities are: Remote File Inclusion (RFI), SQL Injection
(SQLi), Local File Inclusion (LFI), Cross Site Scripting (XSS) and Directory
Traversal (DT). Cross Site Scripting and Directory Traversal are the most
prevalent classical attack types. Why are these vulnerabilities targeted?
Hackers prefer the path of least resistance and application vulnerabilities
offer a rich target.


About Imperva
Imperva is a pioneer and leader of a new category of data security solutions for
high-value business data in the data center. With more than 1,500 end-user
customers and thousands of organizations protected through cloud-based
deployments, Imperva's customers include leading enterprises, government
organizations, and managed service providers who rely on Imperva to prevent
sensitive data theft from hackers and insiders. The award-winning Imperva
SecureSphere identifies and secures high-value data across file systems, web
applications and databases. For more information, visit www.imperva.com, follow
us on Twitter or visit our blog.

© 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and
SecureSphere are trademarks of Imperva, Inc.






This announcement is distributed by Thomson Reuters on behalf of
Thomson Reuters clients. The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and
other applicable laws; and
(ii) they are solely responsible for the content, accuracy and
originality of the information contained therein.

Source: Imperva Inc. via Thomson Reuters ONE

[HUG#1580217]


Provided by user: hugin
Date: 26.01.2012 - 09:00