Application Defense Center Demonstrates Feasibility of a New Web Worm

Foster City, CA – March 29, 2004 – Imperva, Inc., a leader in Web application security, today published a white paper summarizing research carried out by its Application Defense Center (ADC) demonstrating the feasibility of launching worms that attack custom Web application software automatically. These methodologies leverage common Web search engine technologies to achieve the characteristics of a worm: anonymous origin, automated discovery of vulnerable sites, automated exploitation, and self-propagation.


Worm attacks like Code Red or NIMDA have become notorious for exploiting ubiquitous commercial applications – such as Web server or database applications. However, until now it was thought impossible to create a worm capable of attacking custom Web application software. Such a worm must adapt to the unique vulnerabilities of each site.

“What is significant about this discovery is that many companies have assumed that the odds of having their internally developed web application code hacked were low. They assumed that hackers could not create a self-propagating worm that attacks custom software on a massive scale,” explained Shlomo Kramer, CEO. “Thus, many companies do not fortify against attacks on custom Web application code. Traditional intrusion prevention systems and firewalls have no ability to detect attacks of this kind.”

The research, led by Amichai Shulman, the company’s CTO, was conducted by Imperva’s Application Defense Center (ADC). A summary of the results is available at www.imperva.com. The ADC has performed more than 300 application penetration tests for clients around the world and, in the process, new penetration techniques are often discovered (see the company’s Blind SQL whitepaper). This knowledge is used as a primary input to the development of the company’s SecureSphere™ application intrusion prevention products.

“We have begun to see open discussion in the security community around the theoretical use of search engines to automate the exploit of vulnerabilities in custom application software. We know from experience that this will lead, at some point, to a real worm targeting these vulnerabilities,” said Shulman. “Putting the pieces together by conducting a controlled feasibility study and testing how self-propagation might be enabled validates the theory. It is important that the security community address these issues before the hacking community does so we can enable better defenses.”

About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net