Channels ▼

Web Development

The Application Defense War & The Hacker Intelligence Secret Service

Spend any time researching Internet security and software application defense layers and you'll quickly find that there are at least 10 major user-centric vendors out there with brands well known to the public from AVG, to Norton to McAfee. The problem is that these layers are extremely user focused and typically reside on the device, desktop or server itself.

All the vendors behind these products do admirable work in their R&D labs, but isn't a direct hacker-centric anti-attack layer something we should have all been working collectively to construct and refine for some time now?

Security vendor Imperva is trying to position its new hacker intelligence initiative as a more application development relevant research effort focused on providing insight into how cybercriminals conduct large scale cyber attacks. Part of the company's Application Defense Center intelligence initiative will investigate the anatomy of attacks as well as key hacking trends by exploring the cybercrime industry utilizing techniques including hack-back, forum monitoring and Internet traffic surveillance.

"Cybercrime is a business like any other," said Amichai Shulman, Imperva’s CTO. "Hackers are becoming more automated and their techniques more sophisticated and industrialized. Modern cyber defenses need to keep pace with this growing industry and our intelligence initiative will help uncover the trends, techniques and tactics utilized by today’s cybercriminals."

Imperva may be 'just another security vendor' trying to package up its data store of infected or suspicious code blocks in a shiny new box. Or, perhaps it is on to something. The fact that the company appears to recognize automated and industrialized application attacks may mean that its perception of malware generation is refreshingly accurate.

You can register here for more information on the company's experience with a start-to-finish execution of a cross-site scripting (XSS) attack. By observing the hacker's own vulnerable code, Imperva was able to witness an XSS attack impacting 3000 individuals. The company found that XSS attacks require little expertise and less than an hour to carry out when using readily available tutorials and free hosting sites.

Of course there are many conspiracy theories out there that will tell you that all the viral content and malicious code creation out there is being produced by the security vendors themselves to ensure that supply and demand stays nicely in balance. Perhaps there should be a global edict dictating that no security company should be allowed to trade unless it joins and contributes to the Hacker Intelligence Secret Service -- or have I been watching too much James Bond do you think?

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.