The State of Application Security 2012 Infographic
It’s not every week that we release two infographics; our latest is a year-end look at the state of application security. Over the years the growth of the internet and its user base has been exponential and shows no sign of slowing down. As one might expect, we have also seen a rise in breaches, hacks and other incidents relating to application security.
Application: A computer program with an interface, enabling people to use the computer as a tool to accomplish a specific task.
App Sec: Application Security. The use of software, hardware, and procedural methods to protect applications from external threats.
- Total number of incidents: 2011: 1,094 vs. 2012: 2,200 (through November 20, 2012)
- Share of attacks originating from outside the company: 2011: 51% vs. 2012: 74%
- Largest breach: 2011: Sony, 77 million users vs. 2012: Zappos, 24 million users
- Share of all data-loss incidents attributable to application security: 2011: 29% (317 incidents) vs. 2012: 60% (1,320 incidents)
- About 738,839,688 records have been breached since 2005, equivalent to the population of all of the Americas (North, Central and South) minus 78% of Brazil (by last census)
Methods of Attack
- 26% – Cross-Site Scripting
- 34.1% – SQL Injection
- 7.4% – Brute Force
- 3.7% – Cross-Site Request Forgery
- 11.8% – Denial of Service
- 17% – Other
Cross-Site Scripting (XSS): Injecting attacker-controlled script into a web page so that it executes in other users’ browsers, with the privileges of the site those users are logged in to
SQL Injection: Exploiting a coding flaw that builds a database query from untrusted input, so that attacker-supplied text is parsed as part of the query and can read or modify data that should otherwise be inaccessible
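To make the two definitions above concrete, here is an added example, written for this page rather than taken from the original infographic or from any of the breached sites, that puts a vulnerable database lookup and a vulnerable HTML render beside the hardened form of each. The table, the user records and the attacker inputs are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Build an in-memory SQLite database with constructed sample users
    (not data from the infographic or any real breach)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """SQL injection: untrusted input is spliced into the query text, so the
    database parses attacker-controlled characters as SQL."""
    query = "SELECT username FROM users WHERE username = '%s' ORDER BY id" % username
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username):
    """Same lookup with a bound parameter: the input reaches the engine as
    data and can never change the structure of the statement."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username,))]


def render_vulnerable(name):
    """XSS: user-controlled text is written into HTML unescaped, so a browser
    executes any <script> it contains."""
    return "<p>Hello, %s!</p>" % name


def render_safe(name):
    """Same template with the value HTML-escaped for an element text context,
    so the browser shows the payload as literal characters instead of running it."""
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


# Constructed attacker inputs for the two flaws above.
SQLI_PAYLOAD = "' OR '1'='1"
XSS_PAYLOAD = "<script>alert(1)</script>"


def demo():
    """Run both pairs and return the observable difference."""
    conn = make_db()
    return {
        "sqli_vulnerable": find_user_vulnerable(conn, SQLI_PAYLOAD),  # every user comes back
        "sqli_safe": find_user_safe(conn, SQLI_PAYLOAD),              # no such user
        "xss_vulnerable": render_vulnerable(XSS_PAYLOAD),             # raw <script> in the page
        "xss_safe": render_safe(XSS_PAYLOAD),                         # &lt;script&gt; ...
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The fix for each class is the same idea: keep data and code apart. For SQL that means bound parameters (or a query builder that uses them), never string concatenation; for XSS it means encoding output for the context it lands in. `html.escape` is correct for element text and quoted attribute values, but a value placed inside a JavaScript block or a URL needs the encoding for that context instead.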
3 of the Biggest SQLI Attacks in 2012
- Hackers gained access to 31 targets including NASA, the FBI, the Pentagon, and numerous other educational and governmental organizations.
  - 1.6 million records affected
  - Accessed names, email addresses, home addresses, passwords, the SQL-injection-vulnerable links and more, which were then posted on the internet.
- Russian hacker “dwdm” accessed and leaked millions of passwords.
  - 6.5 million records affected
  - “On a scale of A through F, experts say, LinkedIn, eHarmony, and Lastfm.com would get, at best, a ‘D’ for password security” – New York Times
- Hacker “8in4ry Munch3r” accessed user account credentials.
  - 11 million hashed words
  - 8.2 million email addresses