A new report by iMPERVA shows that from 2005 through today, SQL injection has been responsible for 83% of successful hacking-related data breaches.
Based on the sites they were monitoring, over half of the attacks originate in the United States.
Country           Number of Originating Attacks    %
United States     48176                            58
Sweden            8850                             11
China             6709                             8
Great Britain     4970                             6
Vietnam           2412                             3
Netherlands       1963                             2
Bulgaria          1359                             2
Ecuador           1356                             2
European Union    1093                             1
Germany           971                              1
Other             4748                             6
The attack vectors are:
Direct Query Manipulation
This is often done by appending a logical expression with a known value to the parameter that the application expects, like: ' OR 1=1 to get a true value or 1'/**/aND/**/'8'='3 to get a false value. This type of vector is most often used to establish the existence of a SQL in...
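The check below is an added example, not code from the post or from the Imperva report: it shows why a lookup built by string concatenation returns different results for a true-valued and a false-valued appended expression, and why a bound parameter does not. The SQLite table, the function names, the quoted string context and the true-valued counterpart expression are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("1", "widget"), ("2", "gadget")])
    return db

def lookup_concat(db, item_id):
    # Vulnerable form: the parameter is pasted into the SQL text,
    # so an appended expression becomes part of the WHERE clause.
    sql = "SELECT name FROM items WHERE id = '" + item_id + "'"
    return [r[0] for r in db.execute(sql)]

def lookup_bound(db, item_id):
    # Hardened form: the parameter is bound as a value and is only
    # ever compared with the id column as one literal string.
    return [r[0] for r in db.execute(
        "SELECT name FROM items WHERE id = ?", (item_id,))]

# False-valued expression of the shape quoted in the post, and a
# true-valued counterpart constructed for this example ('8'='8').
FALSE_SUFFIX = "'/**/aND/**/'8'='3"
TRUE_SUFFIX = "'/**/aND/**/'8'='8"

def interprets_input_as_sql(lookup, db, known_id):
    """Regression check: True if the lookup's result follows the truth
    value of an appended expression instead of treating it as data."""
    baseline = lookup(db, known_id)
    with_true = lookup(db, known_id + TRUE_SUFFIX)
    with_false = lookup(db, known_id + FALSE_SUFFIX)
    return with_true == baseline and with_false != baseline

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", interprets_input_as_sql(lookup_concat, db, "1"))
    print("bound:       ", interprets_input_as_sql(lookup_bound, db, "1"))
```

A check of this kind can run in a test suite against each data-access function, so a lookup that starts concatenating input into SQL fails the build.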
Posted At : Mar 11, 2010 14:42 PM | Posted By : Ed Tabara
Related Categories: Security
According to iMPERVA
In December 2009, a major password breach occurred that led to the release of 32 million passwords. Further, the hacker posted to the Internet the full list of the 32 million passwords (with no other identifiable information). Passwords were stored in cleartext in the database and were extracted through a SQL Injection vulnerability. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine.
The Imperva Application Defense Center (ADC) analyzed the strength of the passwords and here is what they found:
About 30% of users chose passwords whose length is equal to or below six characters.
Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
Nearly 50% of users used n...
