A recent report by Imperva, a data security firm, found that a web application is attacked one of three days on average writes Lucian Constantin for Computerworld. The report found that a typical web application is attached 137 times in 59 separate days during a six-month period.
These new findings in Imperva’s Web Application Attack Report are based on research collected from 50 publicly available web applications between December 2011 and May 2012. The report defined an attack as a burst of malicious traffic that exceeded a rate of 30 attack requests per five minutes.
Other findings in the report included:
- A typical attack had 195 requests and lasted almost 8 minutes. The worse attack of the study was 10 times longer in duration.
- In this year’s report, SQL injection (SQLi) was the attack technique most commonly used. In past reports, cross-site scripting and directory traversal attacks were the most common.
- The highest number of SQL injection requests originated in France. This finding is surprising and researchers do not have an answer for why.
Analysts for the Imperva report recommend that companies be prepared to protect their web applications at all times and also to have protection not just against the average attack but for the worse ones as well.