Recently, Veracode published a compelling infographic on the true costs of a data breach.
According to the graphic, 30% of data breaches are caused by SQL Injection. How is that still possible? SQL Injection was solved 10 years ago with the introduction of the positive security model in Web Application Firewalls and with proper code audits. Sadly, we still see major data breaches caused by this dated attack vector, for the following reasons:
- Misinformed security officers, who are led to believe that signature-based technologies such as IPS will stop SQL Injection. In a previous article we explored the differences between an IPS and a WAF and why SQL Injection still prevails.
- The classic "I'm a small shop, no one targets me" misconception, which leads unaware business owners to believe that SQL Injection and other web attacks are always targeted or, worse, aimed only at big companies. Credit card data stored in a small mom-and-pop shop's database has the same value as data stored in a large bank's database.
Where can I learn more?