Do not envy the life of a Web app. It's a brutal, public existence
filled with attacks from all sides. In fact, a new report by Imperva
sheds some light on this sad life, showing that a typical Web app is
attacked once every three days and some are targeted as many as 2,700
times in a given year.
Web apps are lots of fun for attackers
because they're publicly accessible and take all kinds of interesting
inputs. Attackers can take their time, throwing whatever data they
choose at a given app and then seeing what breaks. To determine
what this attack landscape looks like, Imperva monitored 50 Web
applications for six months, looking at the kinds of attacks each one
endured and pulling out trends.
One of the more interesting
findings was that the typical Web app can expect to be attacked every
third day and that some of the applications are under attack as often as
292 days per year. There are likely to be multiple attack incidents on
any given day, as well. The average attack that Imperva observed lasted a
little less than eight minutes and the longest went on for about 80
minutes.
"However, regardless of attack frequency periods, compared to the peaceful periods, the success of the whole mission depends on the defense performance when under attack. Therefore, the defense solutions and procedures should be designed to accommodate attack bursts," the Imperva report says.
"While, typically, an application will see only some serious attack action on 59 days in 6 months (roughly on every third day on average), and the attack period may last only a few minutes. The intensity of the attack will be overwhelming if the defense side was prepared for the average case (27 or 18 attacks per hour as discovered on our previous reports) as the attack will consist of hundreds or even thousands of individual attack requests."
Unsurprisingly,
the report found that SQL injection was the most common attack type. As
simple as it is and as old as it is, SQL injection still works nicely,
thanks to the widespread nature of the vulnerabilities the attack
exploits. Oddly, however, Imperva found that while the vast majority of
the IP addresses involved in attacks against the monitored Web apps were
in the United States, most of the SQL injection attack traffic actually
came from France.
Looking at historical attack data to try to
predict when attacks may come in the future can be difficult, the report
found. Much of the attack traffic the company observed flowing into the
50 Web apps it was monitoring came in unpredictable bursts. One of the
apps, which Imperva monitored for a full year rather than six months,
experienced short spikes in attack traffic every few weeks until a major
burst in January 2012, which was seven or eight times the normal
volume. The number of attacks then subsided and went back to its normal
pattern of occasional spikes.
"Don’t be fooled by relative average calm of the battlefield. As you typically would witness a 'battle day' only on one day out of three, and it typically would last just a few minutes. However the way your security solution and process would perform on these minutes really determines your overall security performance. So, base your estimations for the security measures you need on the worst-case scenario and not on the average case," Imperva said in the report.
Courtesy of Dennis Fisher