Durex data breach
Reports that a website selling Durex condoms in India has suffered a data breach - with customers details being publicly available on the Internet - appears to be the result of business logic flaws, says IT company,Imperva
"Web application hackers are focusing more and more on attacks that target vulnerabilities in the business logic, rather than in the application code," explained Imperva CTO Amichai Shulman. "Business logic attacks often remain undetected. In fact, most business logic vulnerabilities are hard to anticipate and detect using automated test tools, such as static code analyzers and vulnerability scanners. Often, attack traffic resembles normal application traffic. Attacks are usually not apparent from code and are too diverse to be expressed through generic vulnerability scanner tests."
"With the new Data Protection Act penalties just days away from being implemented by the Information Commissioner's Office in the UK, and other regulators around the world adopting similar `get tough' policies, it looks like data breaches need to look beyond basic vulnerabilities such as SQL injections," said Shulman.
