Two Thirds of U.S. Companies Were Breached by SQL Injection Attacks in 2013

According to the results of a recent survey of 595 U.S.-based IT security practitioners, 65 percent of respondents said their companies had experienced SQL injection attacks that successfully evaded their perimeter defenses in the past 12 months.

The survey, entitled The SQL Injection Threat Study, was conducted by the Ponemon Institute and sponsored by DB Networks.

The survey also found that the average SQL injection breach took almost 140 days to discover and required an additional 68 days to remediate.

And while 44 percent of respondents work with professional penetration testers to identify vulnerabilities in their systems, only 35 percent of those penetration tests included testing for SQL injection vulnerabilities.

“It is commonly accepted that organizations believe they struggle with SQL injection vulnerabilities, and almost half of the respondents said the SQL injection threat facing their organization is very significant, but this study examines much deeper issues,” Ponemon Institute founder and chairman Dr. Larry Ponemon said in a statement.

“For example, only a third of those surveyed (34 percent) agreed or strongly agreed that their organization presently had the technology or tools to quickly detect SQL injection attacks,” Ponemon added. “And more than half (52 percent) of respondents indicated that they don’t test or validate any third party software to ensure it’s not vulnerable to SQL injection.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
