Verizon Breach Report – Application Security Specific Highlights

Wednesday, March 28, 2012

Fergal Glynn


Article by Chris Wysopal

Verizon Data Breach Investigative Report 2012 – Application Security Specific Highlights

Verizon just released its 2012 Data Breach Investigative Report, which contains findings contributed by global agencies such as the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Service, the Australian Federal Police and the London Metropolitan Police.

I thought it would be good to put together a quick summary covering application security specific highlights in the report. Enjoy!

81% of attacks utilized some sort of hacking. Within hacking there is a stark difference between large and small organizations. SQL injection comes in 3rd after use of stolen login credentials and exploitation of a backdoor or command and control channel. It is tied with dictionary attacks.

This data shows large organizations have much more application security risk than small organizations:

Source: Verizon DBIR Report

SQL Injection comes in 8th overall for threat action when malware, physical, and social engineering are included:

Source: Verizon DBIR Report

This breakdown by larger organizations in this year’s DBIR helps highlight our target customer pain much better. 10% of all hacking breaches were web application related for all orgs but 54% for large organizations! How can a large organization not have a web application security program after seeing this data?

Source: Verizon DBIR Report

And finally SQL Injection makes the top list of risk reduction recommendations.

Our recommendations will be driven off of Table 8, which is in the Threat Action Overview section, and shows the top ten threat actions against larger organizations. Rather than repeat the whole list here, we’ll summarize the points we think represent the largest opportunities to reduce our collective exposure to loss:

  • Keyloggers and the use of stolen credentials
  • Backdoors and command control
  • Tampering
  • Pretexting
  • Phishing
  • Brute force
  • SQL Injection

Cross-posted from Veracode
