Imperva CTO Casts Doubt over IBM X-Force’s Claim that SQL Injections Are Declining

March 2010 by Imperva

IBM’s X-Force published a report according to which SQL Injection is in decline: http://www.networkworld.com/news/2010/031210-sql-injection-active-x-on.html

The report cites an “11 per cent drop in discovered vulnerabilities compared to 2008, including a decline in the largest categories like SQL Injections and ActiveX.”

Imperva CTO Amichai Shulman cast doubt over the findings. “The report is misleading. The report is about known vulnerabilities; IBM only counts vulnerabilities in commercial products and frameworks. While there might be a decline in the number of SQL injection vulnerabilities in products and frameworks, it is not necessarily indicative of the number of application specific vulnerabilities. Also, while the percentage of SQL injection vulnerabilities among total vulnerabilities may decline, their overall absolute number is still on the rise as more vulnerable applications are put online.”

Shulman pointed to the recent Cenzic report that showed SQL Injections on the rise. “The Cenzic study, correctly, tracked SQL Injections in custom applications which are not counted in the IBM X-Force report. This is a much better indicator of what we see with our own forensic investigations.”

Shulman cautioned that the IBM report could potentially send the wrong message to the industry. “SQL Injections are the first choice when it comes to data theft. Any hint that such attacks are on the decline could give the wrong impression that SQL Injection attacks are on the decline. The reality is that enterprises need to be extremely vigilant and do everything they can to stop hackers’ favorite method of attack.”

