‘Everyday hackers’ are on the rise

8 April 2013
By Edd Gent
Everyday hackers seem to be on the rise after research found that a Google search for “SQL injection hack” provided 1.74 million results

“Everyday hackers” will become more common due to the increasing availability of hacking advice, according to new research.

According to cyber-security firm Veracode’s annual State of Software Security Report (SoSS), released today, a simple Google search for “SQL injection hack” provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities.

The ready availability of this information is making it possible for less technically skilled hackers to take advantage of this common flaw. Although SQL injection flaws are easy to identify and fix, Veracode found that 32 per cent of web applications are still affected by SQL injection vulnerabilities.

“Despite significant improvements in awareness of the importance of securing software, we are not seeing the dramatic decreases in exploitable coding flaws that should be expected,” says Chris Eng, vice president of research, Veracode.

“For each customer, development team or application that has become more secure, there are an equal number that have not.”

The research concluded that the leading cause of security breaches and data loss for organizations is insecure software, and Veracode believes as many as 30 per cent of breaches in 2013 will be from SQL injection attacks.

“Veracode’s 2013 SoSS provides organizations with ways to reduce the success of potential attacks on company infrastructure by understanding the threat to the application layer and outlines the implications of these trends if organizations continue on their current paths,” says Eng.

The report, which includes the latest research on software vulnerability, also found that 70 per cent of software failed to comply with enterprise security policies on its first submission for security testing, indicating that the demand for rapid development means new vulnerabilities are constantly being introduced into organisations’ software portfolios.

“The amount of risk an organization accepts should be a strategic business decision, not the aftermath of a particular development project,” says Chris Wysopal, co-founder and CTO of Veracode.

“The time for organizations to act is now. My hope is that readers will use this research to estimate their current application risk, and then consider how they can act to improve the security posture of their organization by addressing the applications that are currently in development and/or production.”

Download the report here.
