Skip navigation

More than 300 database vulnerabilities identified by the industry in past 4 years, Imperva ADC Research Center predicts more to come

London, UK – April 24, 2007 – Imperva, the global leader in data security and compliance solutions for the data centre, today raised concerns that the rising number of database related security breaches in the US might soon affect major UK database projects like the Government’s National Identity Register (NIR) scheme.

Database vulnerabilities are reported to have been at the heart of several recent high profile incidents in the US, especially among online banking and other financial institutions. In the recent case of discount retailer TJX, owner of UK retailer TK Maxx, hackers were able to steal millions of payment card details. There is mounting concern that the trend towards database vulnerabilities and misconfigurations being specifically targeted by hackers for financial gain may soon come to the UK.

“Under US disclosure laws firms are obliged to go public when there has been a serious breach of security,” says Jonathan Mepsted, Imperva’s managing director for EMEA. “In the UK and the rest of Europe there are no such laws.

“We can only suspect that such incidents are equally commonplace over here,” he continues, “but we just do not hear about them. This is why it is imperative the UK Government is seen to be doing all it can to implement the technology, policies and practices to eliminate database security risks.”

According to Imperva’s Application Defense Center (ADC), an internationally-recognised security research organisation, more than 300 vulnerabilities have been identified in all of the most common database software products in the past four years. These vulnerabilities expose databases to privilege abuse attacks, privilege escalation and denial-of-service attacks affecting the confidentiality, integrity and availability of critical information.

“Databases are the IT equivalent of the bank vault and will always be a focus for hackers and insider abuse so we can be confident that vulnerabilities will continue to appear over time,” said Amichai Shulman, CTO of Imperva and head of the Imperva Application Defense Center which brought at least 20 of these vulnerabilities to light. “The first step towards locking down databases is vulnerability assessment but there are not many effective tools around.”

He added: “Organisations that are interested in testing their database infrastructure for these vulnerabilities can now do so for free using a database scanning product from Imperva called Scuba.”

Scuba by Imperva is a lightweight Java utility that is specially designed to support the database assessment efforts of database, compliance, and information security professionals. The software scans Oracle, Microsoft SQL Server, IBM DB2, and Sybase databases for hundreds of vulnerabilities that facilitate SQL injection, buffer overflow, and other attacks. It also detects configuration problems like insecure passwords, unsafe processes, unrestricted permission levels, and more.

Scuba by Imperva is available for download – completely free - at http://www.imperva.com/scuba.

- ends -

About Imperva

Imperva is the global leader in data security and compliance solutions for the data centre. The Imperva product line provides an automated and transparent approach to protecting and controlling sensitive data throughout transactional data systems. The Imperva database and Web application appliances are deployed in leading financial, retail, telecommunications, healthcare, and government organisations around the globe. Founded over five years ago by Shlomo Kramer, recently named one of the 20 luminaries who changed the network industry, Imperva is a solid, privately held company with growing revenues and backing from Accel Partners, Greylock Partners, US Venture Partners, and Venrock Associates. For more information, visit www.imperva.com.

Press Contact:

Paul Shlackman, Bond PR
Tel: +44 (0) 1628 673007
Email: paul@bondpr.com





This press release was distributed by ResponseSource Press Release Wire on behalf of BondPR UK in the following categories: Business & Finance, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.