October 31, 2012

SQL Injection Disconnection

This week, Imperva's ADC released the latest Hacker Intelligence Initiative Report.  Our focus this month was hacker forums. 

The purpose of studying hacker forums is simple: learn about the hacking community by studying its chatter. I have to give credit to Ericka from Dark Reading, whose headline best summarized our findings, so I'm borrowing her title: The SQL Injection Disconnection.

Hackers focus heavily on this vulnerability for several reasons:

  1. SQL injection supports a proven, profitable business model: steal data and sell it. For hacktivists, stealing data also damages a company's value--just look at Sony's stock price the day after it was breached on March 15, 2011.
  2. Many tools exist to automate the attacks. See our old blog on this.
  3. Security teams continue to rely on IPS, network firewalls and antivirus--none of which inspect what an application does with its input, so an injected query looks to them like any other web request.
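The third point is worth seeing concretely: an injection arrives as an ordinary form POST, and the only place it can be recognized is where the application turns that input into a query. The following is an added example, not code from the post or from Imperva; it uses Python's built-in sqlite3 module with a constructed two-user table and a constructed request body, and shows the same login handler built by string concatenation beside its parameterized version.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data: a minimal users table with two accounts.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting, so user input becomes SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Uses placeholders: the driver binds the input as data, never as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed request body, exactly as a browser submits a login form.
# URL-decoded, the password field is:  ' OR '1'='1
# At the packet level this is a normal POST; nothing marks it as an attack.
ATTACK_BODY = "username=x&password=%27+OR+%271%27%3D%271"


def login_from_body(conn, body, handler):
    """Parses the form body the way a web framework would and calls a handler."""
    form = parse_qs(body, keep_blank_values=True)
    return handler(conn, form["username"][0], form["password"][0])


if __name__ == "__main__":
    conn = make_db()
    # Concatenated query becomes:
    #   ... WHERE username = 'x' AND password = '' OR '1'='1'
    # AND binds tighter than OR, so the trailing OR makes the WHERE clause
    # true for every row and the attacker is logged in as the first user.
    print("vulnerable handler  ->", login_from_body(conn, ATTACK_BODY, login_vulnerable))
    # The parameterized query compares the literal string "' OR '1'='1" to
    # the password column, matches nothing, and the login fails.
    print("parameterized handler ->", login_from_body(conn, ATTACK_BODY, login_parameterized))
```

The request body is identical in both runs; only the application-side query construction differs, which is why a device that sees packets but not queries cannot tell the two outcomes apart.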

The question is: why does SQL injection continue to be ignored? One security journalist I spoke to was frustrated by constantly writing stories about SQL injection with little impact. Why is this? Here are some possible reasons (and feel free to submit your own):

  1. Security spending is driven by renewals, as Imperva's CEO Shlomo Kramer explained in this Forbes interview: "IT managers at large companies — typically chief information officers (CIOs) — prefer to sign checks for the same, established software to protect their web applications, rather than make the uncomfortable changes necessary. It’s easier to do the former than change how money is spent, which can require all manner of approvals."
  2. A strong reliance on traditional security technologies--IPS, AV and network firewalls--means many people simply aren't seeing how their applications are being attacked. You can't protect yourself if you don't know what is hitting you.
  3. Compliance favors older technologies. Many compliance mandates emphasize technologies that don't stop SQL injection (PCI DSS is a notable exception: its requirement 6.6 calls for application code review or a web application firewall in front of public-facing web applications).

For more on stopping SQL injection, please visit our extensive blog on the topic.

Our report is available here (no registration required).



