IBM Research - SQL injection often leads to a successful breach

New research from IBM’s X-Force team names SQL injection as the most commonly traveled pathway to a successful breach during the first half of 2013. No one is really surprised by this, as SQLi is the most direct way to gain access to records in the database. In terms of return on exploit, SQLi is an effective attack of opportunity: automated scripts can scan wide ranges of potential targets that run common web application software with known SQLi vulnerabilities.

Takeaway: We urge organizations to focus their vulnerability management efforts on minimizing the threat they face by reducing the potential attack surface. The accessibility of a vulnerability to attack is defined primarily by the context of the network in which it resides. To make vulnerability management more effective, techniques that incorporate network context into the process need to be applied.