Thursday, March 12, 2009

IBM Federal Ready to Protect NASA, NOAA, DOE, USCG, HUD Against New SQL Injection Hacking Attacks

12, March 2009 15:32 EDT -- The Web Hacking Incidents Database (WHID) has reported that over 500,000 websites were hacked by a new form of SQL Injection in 2008. The hacking incidents resulted in 19% theft of sensitive data. Government, security, and law enforcement organizations represented the biggest sector suffering from these attacks (32 percent). The Gartner Group indicates 75% of all attacks occur at the web application layer (*not* network/server layer). See Article: DarkReading

According to Bill Duncan, IBM US Federal Software Group, "we are taking measures to protect our clients' interests and our Nations Security." He added, "we are now offering a complimentary scan (using Rational Appscan) of NASA, NOAA, Coast Guard, US Department of Energy, and HUD web applications. The scan checks for security vulnerabilities and compliance. Even if you believe you are hack proof, we identify vulnerabilities over 90% of the time when we perform this service".

The scan requires two to three hours of the client's time. IBM provides the Federal client with an Executive report on the current state of risk and vulnerabilities and a separate report with remediation tasks for the agency's developers to take action and fix. Duncan confirmed that "there are no strings attached, although we are confident the value that NASA, NOAA, DOE, Coast Guard, and HUD, will see from the results outweighs IBM's solution cost."