Equifax: A Case Study

The Equifax Case and Web Application Vulnerabilities

The Equifax case is one of the most significant hacking incidents in the recent past with various underlying issues including those of ethics on the part of the company. The case involved the hackers gaining personal information for millions of the company’s customers in the US. Aside from that, the incident demonstrated various vulnerabilities in numerous web applications. Web applications are vulnerable to multiple attacks from hackers which might lead to an eventuality similar to that of Equifax. Some of the most significant web vulnerabilities include Cross-site scripting, SQL injection, and XSS vulnerabilities. In most servers that store data from web applications, the programming language used for communication of the data is SQL programming language (Robinson). Therefore, the programming language is susceptible to threats such as SQL injection where the criminals place their commands into the system that allow them to, among other things, steal, delete or edit data stored in the databases.

Exploiting Apache Struts Software: CVE-2017-5638

While this is the case, Equifax hackers exploited the vulnerabilities in the Apache Struts software which is the open-source server software used by Equifax. The most probable vulnerability utilized by the hackers was the CVE-2017-5638, which represented a well-known and easy to exploit vulnerability in the expression language. The hackers used the code execution bug to exploit the system (Robinson). Among other issues regarding the incident is the lack of patching in the Strut. Additionally, the patch was quickly developed and tested making it susceptible to further vulnerabilities in the future. The implications of the breach are more significant than most other high profile breaches in history owing to the sensitivity of information contained in the databases and the number of people potentially affected by the breach. Also, the period they took before informing the customers also added to the adverse impact of the violation on both the company and the customers.

Work Cited

Robinson, Teri. “Apache Struts Vulnerability Likely Behind Equifax Breach, Congress Launches Probes | SC Media.” SC Media, 2017, https://www.scmagazine.com/home/security-news/data-breach/apache-struts-vulnerability-likely-behind-equifax-breach-congress-launches-probes/. Accessed 2 Nov 2018.