‘Everyday hackers’ are on the rise

8 April 2013
By Edd Gent
“Everyday hackers” seem to be on the rise, after research found that a Google search for “SQL injection hack” provided 1.74 million results

“Everyday hackers” will become more common due to the increasing availability of hacking advice, according to new research.

According to cyber-security firm Veracode’s annual State of Software Security Report (SoSS), released today, a simple Google search for “SQL injection hack” provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities.

The ready availability of this information is making it possible for less technically skilled hackers to take advantage of this common flaw. Although SQL injection flaws are easy to identify and fix, Veracode found that 32 per cent of web applications are still affected by SQL injection vulnerabilities.

“Despite significant improvements in awareness of the importance of securing software, we are not seeing the dramatic decreases in exploitable coding flaws that should be expected,” says Chris Eng, vice president of research, Veracode.

“For each customer, development team or application that has become more secure, there are an equal number that have not.”

The research concluded that insecure software is the leading cause of security breaches and data loss for organizations, and Veracode believes as many as 30 per cent of breaches in 2013 will be from SQL injection attacks.

“Veracode’s 2013 SoSS provides organizations with ways to reduce the success of potential attacks on company infrastructure by understanding the threat to the application layer and outlines the implications of these trends if organizations continue on their current paths,” says Eng.

The report, which includes the latest research on software vulnerability, also found that 70 per cent of software failed to comply with enterprise security policies on its first submission for security testing, indicating that the demand for rapid development means new vulnerabilities are constantly being introduced into organizations’ software portfolios.

“The amount of risk an organization accepts should be a strategic business decision, not the aftermath of a particular development project,” says Chris Wysopal, co-founder and CTO of Veracode.

“The time for organizations to act is now. My hope is that readers will use this research to estimate their current application risk, and then consider how they can act to improve the security posture of their organization by addressing the applications that are currently in development and/or production.”
