Twitter Facebook Youtube

Web Applications May Experience More Than 2,700 Attack Incidents Per Year

Redwood Shores, CA, Aug 7, 2012 – (ACN Newswire) – Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, released today the results of the third Imperva Web Application Attack Report (WAAR), which reveals that the median annual attack incidents on the 50 Web applications observed was 274 times a year, with one target experiencing more than 2,700 attack incidents.

According to the report, the average attack incident for the observed Web applications lasted seven minutes and 42 seconds, but the longest attack incident lasted an hour and 19 minutes. SQL Injection remains the most popular attack vector.

“These findings indicate a significant difference between an average Web application attack incident and the upper limit,” said Amichai Shulman, CTO, Imperva. “We believe that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents, like a flood bursting through a levy.”

The WAAR, created as part of Imperva’s ongoing Hacker Intelligence Initiative, offers insight into actual malicious attack traffic of 50 Web applications over a period of six months, December 2011 through May 2012. Imperva monitored and categorized numerous individual attacks across the Internet, as well as attacks targeting different enterprise and government Web applications. The WAAR outlines the frequency, type, and geography of origin of each attack to help security professionals prioritize vulnerability remediation.

Highlights from the report include:

- SQL injection remains most common attack vector: Imperva reviews and summarizes the cumulative characteristics of Web application attack vectors, including SQL injection, cross-site scripting (XSS), RFI and LFI, and observes that SQL injection is the most commonly used attack for the 50 observed Web applications.

- Intensity of attacks increasing: Applications will typically see only some serious attack action roughly every third day, for a few minutes, but the attacks may overwhelm the application if the defenses are prepared for only the average intensity of attack.

- France leads SQL injection: As reported in the previous WAAR report, the majority of requests and attackers originate in the USA, western European countries, China and Brazil. However, France has emerged as the leading source of SQL injection attacks, with the attack volume of requested originating from France almost four times greater than that of the United States.

“The cyber battlefield looks a lot more like a border keeping mission than total war – most of the time very little happens, but every once in a while there’s an outbreak of attacks,” said Shulman. “Regardless of the frequency of attacks and peaceful periods, we believe organizations need to be prepared for these bursts of activity during attack incidents.”

For a full copy of the Web Application Attack Report, visit

To sign up for a webinar detailing the report, visit

About Imperva

Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,800 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases. For more information, visit, follow us on Twitter or visit our blog. We’re hiring! Help us protect the world’s data:

Media Contact:

Fitzgerald Barth

Forward Looking Statements
This news release contains forward-looking statements, including without limitation those regarding Imperva’s belief that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents and Imperva’s belief that organizations need to be prepared for attack incidents. These forward-looking statements are subject to material risks and uncertainties that may cause actual results to differ substantially from expectations. You should consider important risk factors, which include: the risk that our products are not adopted at levels that we anticipate; the risk that competitors may be perceived by customers to be better positioned to help handle Web application attacks; and other risks detailed under the caption “Risk Factors” in Imperva’s Form 10-Q filed with the Securities and Exchange Commission, or the SEC, on May 11, 2012 and Imperva’s other SEC filings. You can obtain copies of Imperva’s SEC filings on the SEC’s website at We undertake no obligation to update any of the forward-looking statements contained herein after the date of this release, whether as a result of new information, future events or otherwise.

(C) 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are registered trademarks of Imperva, Inc.

This announcement is distributed by Thomson Reuters on behalf of Thomson Reuters clients.

The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and other applicable laws; and
(ii) they are solely responsible for the content, accuracy and originality of the information contained therein.

Source: Imperva Inc. via Thomson Reuters ONE

Aug 7, 2012

Topic: New Security Issue
Sectors: Financial General, IT Internet

From the Asia Corporate News Network

Copyright © 2012 ACN Newswire. All rights reserved. A division of Asia Corporate News Network.

Article source: