Imperva recently released its semi-annual Web Application Attack Report, which found that, on average, web applications suffer security attacks for what amounts to two out of every six months. Looking at 50 publicly available web apps over a six-month period (December 2011-May 2012), Imperva found that the average web app is subject to 137 “attack incidents” typically spread over 59 days. From PCWorld:
An attack incident was defined by the company as a burst of malicious traffic that exceeded a rate of 30 attack requests per five minutes. …
The worst case seen by the company involved an application that experienced 1,383 attack incidents spanning 141 battle days, or 80 percent of the days in the six-month period.
The typical attack incident had a magnitude of 195 requests and lasted almost 8 minutes, Imperva said in its report. However, the worst incident lasted 10 times longer than that and involved 8,790 attack requests.
The company changed the way it tracks data for this report, which produced findings that differ from its past reports and from long-standing assumptions. The biggest finding is that SQL injection appears to be the most common attack, dethroning cross-site scripting and directory traversal attacks, which were previously considered the most popular among hackers. The latest report found that the average app suffered 17.5 SQL attacks, but that number ranged all the way up to 320 attacks on a single application.
The new methodology allowed the company’s researchers to see things in a different way, Shulman said. “While the number of individual requests for cross-site scripting and directory traversal is higher than for SQL injection, in reality, the number of attacks in which SQL injection is involved is higher.”
Another interesting finding was that the highest number of SQL injection requests originated in France and not the U.S., which is the primary source of other types of attacks like remote file inclusion, directory traversal or local file inclusion.
Read the full article at PCWorld >>>
Knowing that SQL injections, cross-site scripting and directory traversal are the most common attacks gives you a good place to start security testing. The fact that the average web application is under attack on essentially one out of every three days means you can’t take security for granted.
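The incident definition quoted above (a burst exceeding 30 attack requests per five minutes) can be applied to your own logs to produce the same kind of counts. The Python below is an added example, not code from Imperva or PCWorld. It assumes the timestamps are requests already flagged as attacks, uses a sliding five-minute window, and treats a "battle day" as any day on which an incident starts or ends; the sample data is constructed.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
THRESHOLD = 30  # an incident needs MORE than 30 attack requests per window

@dataclass
class Incident:
    start: datetime
    end: datetime
    requests: int

def find_incidents(timestamps):
    """Group attack-request timestamps into incidents (sliding five-minute window)."""
    incidents, window, current = [], deque(), None
    for ts in sorted(timestamps):
        window.append(ts)
        while ts - window[0] >= WINDOW:      # drop requests older than five minutes
            window.popleft()
        if len(window) > THRESHOLD:
            if current is None:              # rate just crossed the threshold
                current = Incident(window[0], ts, len(window))
            else:                            # burst continues
                current.end, current.requests = ts, current.requests + 1
        elif current is not None:            # rate fell back: close the incident
            incidents.append(current)
            current, window = None, deque([ts])  # never count a request twice
    if current is not None:
        incidents.append(current)
    return incidents

def battle_days(incidents):
    """Calendar days on which at least one incident started or ended (assumed meaning)."""
    return {d for i in incidents for d in (i.start.date(), i.end.date())}

def sample_attack_requests():
    """Constructed sample data, not taken from the report."""
    def burst(start, count, gap_ms):
        return [start + timedelta(milliseconds=gap_ms * n) for n in range(count)]
    return (
        burst(datetime(2012, 1, 10, 0, 0), 10, 3_600_000)   # hourly noise, no incident
        + burst(datetime(2012, 1, 10, 14, 0), 195, 2_400)   # 195 requests in ~8 minutes
        + burst(datetime(2012, 1, 12, 9, 0), 40, 5_000)     # short burst, 40 requests
        + burst(datetime(2012, 1, 13, 12, 0), 30, 5_000)    # exactly 30: does not exceed
    )

if __name__ == "__main__":
    for inc in find_incidents(sample_attack_requests()):
        print(inc.start, inc.end - inc.start, inc.requests)
```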