SQL Injection - Are Developers to Blame for Data Security Breaches?

app developer

Of course, this is a bold statement, but for those who deal with security issues from mobile applications, they can pinpoint where the flaw occurred with developers not taking security into account when developing mobile apps. Security takes the back seat to app functionality and remains as a second thought.

Companies who develop mobile apps think about the security of the app after the coding is done. Seriously we can’t expect to adequately ensure the security of the data, app, the communication between the app and the servers by patching here and there afterward. One common security breach is done via SQL injection due to flaws in the code. Fierce IT Security "estimates that 97 percent of data breaches are the result of an SQL injection attack somewhere along the line.” According to Mashable, "a British hacker used an SQL injection attack to breach the United States Federal Reserve, steals confidential data and posts it online." The Federal Reserve is a huge financial company with millions, if not billions at its disposal and it was still unable to stop a "straightforward SQL injection attack."

Another breach in security was the hacker who used an SQL injection attack to steal 150,000 user emails and passwords from an Adobe database. This type of attack can "be prevented by app developers adhering to security best practices during the app development and testing phases." At this time, many companies are open to hacker attacks. In 2013, two-thirds of US companies were breached by an SQL inject attack. Even Wall Street is not safe from an SQL injection attack.

Most of these flaws can be prevented by using best practices when developing mobile apps, spending more time thinking, designing and embedding security into the apps in addition to testing rather than pushing them out as fast as they can.

Some hackers say they break into these databases to show companies where the flaw is, to raise public awareness and make companies take security seriously. But many hackers do that for their 5-minutes (sometimes longer due to the severity of the breach) of fame on the news. Their fame is someone else nightmare. Not only it costs companies to fix the damage (some can take 140 days), it also cost them in customers for burdening them with the hassles to change credit card information, emails, and addresses and so on. We are very interested to know what developers think about this.

How To Avoid SQL Injection Types of Attacks with SeaCat Mobile Secure Gateway?

The SeaCat-enabled mobile application communicates with the SeaCat Gateway, the only visible point. The Gateway authorizes, authenticates and re-interprets traffic before passing it to the app’s backend. This scheme shields the backend from exposing itself the Internet and protects it from SQL injection attacks, buffer overflows, and zero-day vulnerabilities.

Mobile application security includes not only protection at the application level but also protection at the backend. Failing to secure the backend, where company's data is most vulnerable, is a recipe for disastrous consequences.

To learn more about mobile application security, please Contact us. Alternatively, follow us @TeskaLabs on Twitter.

Photo Credit: imcreator


TurboCat.io

Data encryption tool for GDPR

More information


You Might Be Interested in Reading These Articles

The Top 5 Mobile Application Security Issues You Need to Address When Developing Mobile Applications

Most recently, a lot of established companies like Snapchat, Starbucks, Target, Home Depot, etc. have been through a PR disaster. Do you know why? Simply because some attackers out there found flaws in their mobile apps and could exploit them. In fact, by the end of this year, 75% of mobile apps will fail basic security tests.

Continue reading ...

mobile security

Published on November 03, 2015

A Warning about Zero-Day Vulnerability

A zero-day, also called zero-hour, vulnerability is a security flaw in the code that cyber criminal can use to access your network. Zero-day attacks call for new technologies built from the ground up for today’s advanced threat landscape. There is no known fix, and by the time hackers attack, the damage is already done

Continue reading ...

security

Published on May 12, 2015

5 Cyber Threats eCommerce Websites Should Watch Out For

There are innumerable advantages to eCommerce. Businesses can make sales outside of business hours; they can reach customers over their own personal social media pages, and take advantage of people being more inclined to spend while they’re on the couch with a glass of wine rather than harassed in the changing room of a crowded store. However, with all of these advantages, there are also some inherent threats that could annihilate a business’ reputation.

Continue reading ...

security

Published on May 02, 2017