Web applications under attack every two minutes

"Most security research focuses on vulnerabilities and, while this insight is extremely valuable, it doesn't always help businesses prioritize their security efforts," comments Amichai Shulman, lead researcher and Imperva CTO. "Take a look at the OWASP Top 10, for example. RFI and Directory Traversal were not identified as top vulnerabilities, yet our research shows that these are two of the most common attacks used by hackers to steal data," he explains. "It's impossible to have effective risk management without understanding which vulnerabilities are most likely to be exploited." He points to the current prevalence of automated attacks. According to Imperva's WAAR (created as a part of the company's hacker intelligence initiative) attack traffic during the six months to May was characterised by spikes of high volume attack activity, followed longer periods of lighter activity. Interestingly, it also shows that when websites came under automated attack, they received up to 25,000 attacks in one hour, or seven every second. Shulman says that the four most prevalent web application attacks include directory traversal (37%), cross site scripting (36%), SQL injection (23%) and remote file include (four percent). These attacks were often used in combination to scan for vulnerabilities and subsequently exploit them. Most attacks come from within the United States. Over 61% of the attacks originated from bots in the US. Attacks from China made up almost 10%, followed by attacks originating in Sweden and France. Geography, however, is less than reliable, according to Shulman, who suggests that filtering attacks by reputation is more so. WAAR data shows that 29% of the attacks originated from the same 10 most active attack sources.