2013-01-29 09:06:42 -
Analysis of Yahoo! Breach Highlights SQL Injection; Third-party Code Offers
Little Control, High Risk
Redwood Shores, Calif., January 29, 2013 - Imperva, Inc. (NYSE: IMPV), a
pioneer and leader of a new category of business security solutions for critical
applications and high-value data in the data center, today announced its January
Hacker Intelligence Initiative Report, "Lessons Learned from the Yahoo! Hack,"
which examines the dangers of third-party code in cloud computing.
In December 2012, a hacker breached Yahoo! with an SQL injection attack that
took advantage of a vulnerability in a third-party application that was provided
Yahoo! Web site. This attack highlights the risk that many Web
applications face: Web applications may contain some sort of third-party code,
such as APIs, that was not created by the developers.
"The weak link in the Yahoo! attack was not programmed by Yahoo! developers, nor
was it even hosted on the Yahoo! Servers, and yet the company found itself
breached as a result of third-party code," said Amichai Shulman, CTO, Imperva.
"The challenge presented by the Yahoo! breach is that Web-facing businesses
should take responsibility to secure third-party code and cloud-based
In "Lessons Learned from the Yahoo! Hack," Imperva recommends specific business
and technical steps. From a business standpoint, for example, enterprises
· Put in place legal requirements in a contract for what you will and
will not accept from a security perspective.
· Incorporate security due diligence for any merger or acquisition
Technically, Imperva recommends enterprises:
· Conduct a Web application vulnerability security assessment. A manual
review of Web application security or proper use of automated Web application
security vulnerability assessment can identify potential vulnerabilities that
should be addressed in the software development lifecycle (SDLC).
· Deploy a Web Application Firewall (WAF). A WAF serves as a security
policy enforcement point that prevents vulnerable Web applications from being
To download the full report please visit:
Imperva is a pioneer and leader of a new category of business security solutions
for critical applications and high-value data in the data center. Imperva's
award-winning solutions protect against data theft, insider abuse, and fraud
while streamlining regulatory compliance by monitoring and controlling data
usage and business transactions across the data center, from storage in a
database or on a file server to consumption through applications. With over
2,000 end-user customers in more than 60 countries and thousands of
organizations protected through cloud-based deployments, securing your business
with Imperva puts you in the company of the world's leading organizations. For
more information, visit www.imperva.com, follow us on Twitter or visit our blog.
We're hiring! Help us protect the world's data:
© 2013 Imperva, Inc. All rights reserved. Imperva and the Imperva logo are
trademarks of Imperva, Inc.
This announcement is distributed by Thomson Reuters on behalf of
Thomson Reuters clients. The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and
other applicable laws; and
(ii) they are solely responsible for the content, accuracy and
originality of the information contained therein.
Source: Imperva Inc. via Thomson Reuters ONE