As a part of its ongoing Hacker Intelligence Initiative, Imperva’s Application Defense Center (ADC) observed and categorized attacks across 30 applications as well as onion router (TOR) traffic, monitoring more than 10 million individual attacks targeted at web applications over a period of six months. The analysis shows:
› Due to automation, web applications, on average, are probed or attacked about 27 times per hour or about once every two minutes. At the apex of an attack, web applications experience nearly 25,000 attacks per hour or 7 per second.
› Four dominant attack types comprise the vast majority of attacks targeting web applications: Directory Traversal, Cross-Site Scripting, SQL injection, and Remote File Inclusion.
› The United States is the main source of application attacks. Applications are attacked by infected computers, or bots, with most located in the US.We provide a list of technical recommendations for security teams as well as nontechnical ones for corporate executives.