SQL injection attacks still a major threat

Education and deploying the necessary mitigation tactics to prevent SQLi attack should be top of mind for everyone, says Barry Shteiman.

This past month, according to Imperva's Community Defence service, of the 300,000 attack campaigns that have occurred globally 24.6 percent were SQLi attacks. Writing in response to this revelation, Barry Shteiman, director of security strategy at Imperva, noted the overarching cost of such SQL injection attacks.

The recent incident of the US Navy SQLi database breach exposes the true damage such attacks can yield. Prior to being shut down, the attack cost more than 220,000 naval service members their personal information and cost the Navy more than £300,000 (US$ 500,000) in recovery.

Though a staggering sum, Shteiman points out in his blog, that the cost for even a minor SQLi attack is around £120,000 (US$ 200,000) —“a hefty price to pay for an attack vector that was solved by web application security technologies, however due to lack of awareness and application security - that vector is still a money maker for hackers.”

“Education and deploying the necessary mitigation tactics to prevent an attack should be top of mind for everyone,” says Shteiman. “It's certainly one step to avoid a breach.”