Government Technology

Report: Web Applications Are Attacked Every Three Days


August 10, 2012 By

The average Web application is seriously attacked 59 times over a period of six months — once every third day — according to new research from Imperva, released this week.

The company monitored activity for 50 Web applications, which weren’t named, in their latest Web application attack report (WAAR). The sampling period occurred from December 2011 to May 2012. The data analyzes frequency, type and origins of attacks.

Imperva, an application and database security provider, discovered that the average attack incident lasted seven minutes and 42 seconds, but the longest incident lasted an hour and 19 minutes. SQL injections were the most popular.

“These findings indicate a significant difference between an average Web application attack incident and the upper limit,” said Imperva CTO Amichai Shulman in a press release. “We believe that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents, like a flood bursting through a levy.”

Report data includes:

  • SQL injection remains most common attack vector: Imperva reviews and summarizes the cumulative characteristics of Web application attack vectors, including SQL injection, cross-site scripting (XSS), RFI and LFI, and observes that SQL injection is the most commonly used attack for the 50 observed Web applications.
  • Intensity of attacks increasing: Applications will typically see only some serious attack action roughly every third day, for a few minutes, but the attacks may overwhelm the application if the defenses are prepared for only the average intensity of attack.
  • France leads SQL injection: As reported in the previous WAAR report, the majority of requests and attackers originate in the U.S., western European countries, China and Brazil. However, France has emerged as the leading source of SQL injection attacks, with the attack volume of requested originating from France almost four times greater than that of the United States.

"The cyberbattlefield looks a lot more like a border keeping mission than total war - most of the time very little happens, but every once in a while there's an outbreak of attacks," said Shulman. "Regardless of the frequency of attacks and peaceful periods, we believe organizations need to be prepared for these bursts of activity during attack incidents."

To download the full report, visit Imperva’s website.


You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Report-Web-Applications-Are-Attacked-Every-Three-Days.html


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

GovTech Papers and Case Studies View Library


Government Best Practices


Collaboration for the Public Sector


Collaborative Justice: Transforming Criminal Justice Services Through Unified Collaboration
This issue brief examines video collaboration in every stage of the human justice process, demonstrating how this technology can not only make services more efficient, affordable, and accessible.

Cloud-Based Services Accelerate Public Sector Adoption of Video Collaboration
Today, thanks to new cloud technologies and high-quality networks, mobile video services - which provide not only cost savings but which help governmental interactions become more efficient - are more feasible than ever before.

Modernization as a Service: Acquiring IT through Innovative Procurement

Five Ways Collaboration is Driving Government Performance

Mobile Video Collaboration: The New Business Reality
 

Government Technology
Public CIO
Emergency Management
Digital Communities