Details for nearly 200,000 Grand Theft Auto fan site users have been traded on the digital underground. The traded data contains email addresses, hashed passwords, dates of birth, and IP addresses. Deepak Patel, Director of Security Strategy at Imperva, commented below.
Deepak Patel, Director of Security Strategy at Imperva:
“The reality is that, in most cases, it is simply not feasible to map out all legal and illegal inputs—at least not without causing a large amount of false positives, which interfere with user experience and an application’s functionality. For this reason, video game companies need to employ a web application firewall (WAF) to filter out SQLI, as well as other online threats. WAF typically relies on a large, and constantly updated, list of meticulously crafted signatures that allow it to surgically weed out malicious SQL queries. Usually, such a list holds signatures to address specific attack vectors, and is regularly patched to introduce blocking rules for newly discovered vulnerabilities. Modern web application firewalls are also often integrated with other security solutions. From these, a WAF can receive additional information that further augments its security capabilities.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.