According to the results of a recent survey of 595 U.S.-based IT security practitioners, 65 percent of respondents said their companies had experienced SQL injection attacks that successfully evaded their perimeter defenses in the past 12 months.
The survey also found that the average SQL injection breach took almost 140 days to discover and required an additional 68 days to remediate.
And while 44 percent of respondents work with professional penetration testers to identify vulnerabilities in their systems, only 35 percent of those penetration tests include testing for SQL injection vulnerabilities.
“It is commonly accepted that organizations believe they struggle with SQL injection vulnerabilities, and almost half of the respondents said the SQL injection threat facing their organization is very significant, but this study examines much deeper issues,” Ponemon Institute founder and chairman Dr. Larry Ponemon said in a statement.
“For example, only a third of those surveyed (34 percent) agreed or strongly agreed that their organization presently had the technology or tools to quickly detect SQL injection attacks,” Ponemon added. “And more than half (52 percent) of respondents indicated that they don’t test or validate any third party software to ensure it’s not vulnerable to SQL injection.”