Industry Research : Imperva Deconstructs Local and Remote File Inclusion Attack Vectors
Redwood Shores, Calif., April 2, 2012 -- Imperva (NYSE: IMPV), a provider of a new category of data security solutions for high-value business data in the data center, today released its latest Hacker Intelligence Initiative report exploring how Local and Remote File Inclusion (RFI/LFI) attacks enable hackers to execute malicious code and steal data through the manipulation of a company’s web server. RFI/LFI attacks made up 21% of all application attacks observed by Imperva in its review of attacks across 40 applications from June – November 2011.
RFI and LFI attacks take advantage of vulnerable PHP Web application parameters by including a URL reference to remotely host arbitrary code, enabling remote execution. PHP is a programming language designed for Web development and whose use is prevalent in applications on the Internet.
"LFI and RFI are popular attack vectors for hackers because it is less known and extremely powerful when successful," said Tal Be’ery, Imperva’s senior web researcher. "We observed that hacktivists and for-profit hackers utilized these techniques extensively in 2011, and we believe it is time for the security community to devote more attention to the issue."
....NOTE - content continues below this message
SPONSOR MESSAGE: INVITATION!
We invite you and your colleagues to take a couple of days out of your busy schedule to join us and the elite in the industry to listen to the NEXT GENERATION Contact Center & Customer Engagement Best Practices.
Today's Tip of the Day - Increase Spending Where It's Visible
More Editorial From Imperva
Published: Friday, March 30, 2012
Genesys® powers 25 billion of the world’s best customer experiences each year. Our success comes from connecting employee and customer conversations on any channel, every day. Over 10,000 companies in...
NICE (NASDAQ: NICE), is a worldwide provider of intent-based solutions that capture and analyze interactions and transactions, realize intent, and extract and leverage insights to deliver impact in re...
|Bright Pattern Inc|
Bright Pattern is an effective cloud contact center software which helps businesses to simplify multichannel service. Bright Pattern’s solution features enterprise-grade architecture that offers n...
Five9 is a provider of cloud software for the enterprise contact center market, bringing the power of the cloud to thousands of customers and facilitating approximately three billion customer interact...