Industry Research : Imperva Deconstructs Local and Remote File Inclusion Attack Vectors
Redwood Shores, Calif., April 2, 2012 -- Imperva (NYSE: IMPV), a provider of a new category of data security solutions for high-value business data in the data center, today released its latest Hacker Intelligence Initiative report exploring how Local and Remote File Inclusion (RFI/LFI) attacks enable hackers to execute malicious code and steal data through the manipulation of a company’s web server. RFI/LFI attacks made up 21% of all application attacks observed by Imperva in its review of attacks across 40 applications from June – November 2011.
RFI and LFI attacks take advantage of vulnerable PHP Web application parameters by including a URL reference to remotely host arbitrary code, enabling remote execution. PHP is a programming language designed for Web development and whose use is prevalent in applications on the Internet.
"LFI and RFI are popular attack vectors for hackers because it is less known and extremely powerful when successful," said Tal Be’ery, Imperva’s senior web researcher. "We observed that hacktivists and for-profit hackers utilized these techniques extensively in 2011, and we believe it is time for the security community to devote more attention to the issue."
Today's Tip of the Day - Keep Cost In Perspective
More Editorial From Imperva
Published: Friday, March 30, 2012
Genesys® powers 25 billion of the world’s best customer experiences each year. Our success comes from connecting employee and customer conversations on any channel, every day. Over 10,000 companies in...
Verint Systems is a provider of analytic software-based solutions for the security and business intelligence markets. Verint solutions transform voice, video, and text into actionable intelligence - m...
Avaya is a recognized innovator, leading business communications for the digital age. Avaya delivers smart global solutions and technologies for customer and team engagement, unified communications an...
Upstream Works provides best-in-class Omnichannel Contact Center software to increase customer engagement and agent success. We bring the omnichannel customer journey together across all applications ...