Information Security News mailing list archives

Barclays: 97 percent of data breaches still due to SQL injection


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 20 Jan 2012 02:44:45 -0600 (CST)

http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-sql-injection/

By Sophie Curtis
Techworld
19 January 2012

SQL injection attacks have been around for more than ten years, and security professionals are more than capable of protecting against them; yet 97 percent of data breaches worldwide are still due to an SQL injection somewhere along the line, according to Neira Jones, head of payment security for Barclaycard.

Speaking at the Infosecurity Europe Press Conference in London this week, Jones said that hackers are taking advantage of businesses with inadequate and often outdated information security practices. Citing the most recent figures from the National Fraud Authority, she said that identity fraud costs the UK more than £2.7 billion every year, and affects more than 1.8 million people.

“Data breaches have become a statistical certainty,” said Jones. “If you look at what the public individual is concerned about, protecting personal information is actually at the same level in the scale of public social concerns as preventing crime.”

SQL injection is a code injection technique that exploits a security vulnerability in a website's software. Arbitrary data is inserted into a string of code that is eventually executed by a database. The result is that the attacker can execute arbitrary SQL queries or commands on the backend database server through the web application.

[...]

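The mechanism the article describes (input inserted into a query string that the database then executes), shown beside its parameterized fix. This is an added example, not part of the original article or post; the table, rows, function names and input strings are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, card_ref TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "ref-0001"), ("bob", "ref-0002"), ("carol", "ref-0003")],
    )
    return db

def lookup_concatenated(db, owner):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    query = "SELECT owner, card_ref FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, owner):
    """Hardened form: the SQL text is fixed and the input is bound as a value."""
    query = "SELECT owner, card_ref FROM accounts WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

def safe_lookup(fn, db, owner):
    """Run a lookup and report either its rows or the database error."""
    try:
        return ("rows", fn(db, owner))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a quote-breaking string, and a
    # legitimate name that happens to contain an apostrophe.
    for value in ("alice", "x' OR '1'='1", "o'brien"):
        print(repr(value))
        print("  concatenated :", safe_lookup(lookup_concatenated, db, value))
        print("  parameterized:", safe_lookup(lookup_parameterized, db, value))
```

With the concatenated query the second input changes the WHERE clause and every row comes back, and the third input, an ordinary surname, fails with a syntax error; the parameterized query treats both as plain values and matches nothing.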
