The second annual Imperva Hacker Intelligence Initiative report, this one entitled Monitoring Hacker Forums, is out and reveals that the threat surfaces being discussed by the hacker community are very different from those that businesses are spending money to defend.

The Imperva research analysed the content of a number of online hacker communities, including many lesser-known forums, in order to get a more accurate snapshot of what those doing the hacking are actually discussing. By looking at a total of more than 400,000 different conversational threads, Imperva was able to determine that SQL injection and DDoS, with a 19% share of the total conversational traffic each, were the most talked about threat topics. That's just over a third of all discussions in the hacker forums being focused on training and tutorials for data theft techniques which are not high on the enterprise security strategy agenda.

Yes, Imperva reckons, only 5% of the average enterprise security spend is actually dedicated to preventing the SQL injection threat. Most of the money, it seems, continues to be poured into 'traditional' defence measures such as antivirus and Intrusion Prevention Systems which are totally inept at identifying SQL injection threats.

“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, CTO, Imperva. “If organizations neglect SQL injection security, we believe that hackers will place more focus on those attacks.”

Other highlights from the report include:

The market for social network endorsements is on the rise: In a keyword search relating to social networks, Imperva found that Facebook (39 percent) and Twitter (37 percent) were the most frequently discussed social networks. In reviewing social network related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers, and endorsements, with particular attention given to the origin of these likes and followers.

Hacker education comprises a third of all forum conversations: Of the total conversations analyzed, roughly 28 percent were related to beginner hacking and hacker training, while another 5 percent related to hacking tutorials. Both aspiring and veteran hackers frequent forums to exchange techniques, build credibility and publish their hacking successes.


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.


Can you please explain Blind SQL Injection to me in practical code?

Thanks in advance
