64 percent of websites contain serious flaws


Cross-site scripting and SQL injection remain the top methods of attack.

Vulnerabilities in web applications remain the primary avenue of attack for cybercriminals, according to a WhiteHat Website Security Statistics Report released this week.

Organisations building custom web applications are particularly at risk, says the report, which measured data collected from January 2006 to October 2009, across more than 1,300 websites.

The problem is exacerbated because it is not possible to patch against custom web application software, such as that used by big e-commerce sites, Jeremiah Grossman, founder and CTO of WhiteHat, told SCMagazineUS.com. And that, he said, includes the vast majority of sites.

The amount of time it takes to repair a vulnerability once discovered is also an issue for those charged with maintaining network security. According to the WhiteHat report: "The time to fix should be as short as possible because an open vulnerability represents an opportunity for hackers to exploit the website, but no remedy is instantaneous."

Resolution could take the form of a software update, configuration change, or web application firewall rule, the report said.

But the good news is that more organisations are repairing the technical issues associated with these threats.

"We have the answers and know how to fix these vulnerabilities," Grossman said. "The task is to motivate the business to do so. It's a matter of resource allocation."

As there are at least 24 different classes of web exploits, enterprises are under a lot of pressure to ensure their sites receive security checkups, said Grossman.

Cross-site scripting and SQL injection remain the top methods of attack, while social networking and education sites are the top two verticals with the most vulnerabilities, according to the report.

"Taking application security seriously is more than just spending more – it is being strategic," the report said.

Among the sites examined by WhiteHat, only 36 percent were found to be free of any serious vulnerabilities. While they appear similar to those with vulnerabilities, these companies chose to fix any issues they've had, reducing the potential for attack, said Grossman.

Thirty years ago, criminals robbed brick-and-mortar banks, said Grossman. Today, every bank and company is equidistant to a cybercriminal.

"You can rob banks no matter where you are," he said.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition