Only 10% of web applications are secured against common hacking techniques
Results 1 to 3 of 3

Thread: Only 10% of web applications are secured against common hacking techniques

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    772

    Only 10% of web applications are secured against common hacking techniques

    http://www.zone-h.org/en/news/read/id=3974/

    WebCohort's Application Defense Center Reports Results of Vulnerability Testing on Web Applications

    WebCohort, Inc., the leader in web application security, today announced the results of four years of penetration testing on more than 250 web applications including e-commerce, online banking, enterprise collaboration, and supply chain management sites.

    The vulnerability assessments conducted by WebCohort's Application Defense Center (ADC) concluded that at least 92% of web applications are vulnerable to some form of hacker attacks.

    The most common vulnerabilities were cross-site scripting (80%), SQL injection (62%) and parameter tampering (60%). While these types of hacking attacks are common, most enterprises have not adequately secured web sites, applications and servers against them. Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shut-down websites and servers, defraud businesses, and introduce serious legal liability without being stopped or, in many cases, even detected.

    "More robust network security has driven hackers to view web applications as easier targets. Four years of our Application Defense Center's experience have proven this is an accurate assessment," said Shlomo Kramer, CEO of WebCohort. "We are only beginning to see the risks to businesses and consumers these vulnerabilities introduce."

    In 2001, Gartner Group reported that 75% of cyber attacks and Internet security violations are generated through Internet Applications. Years later, web applications have yet to be secured.

    The Federal Trade Commission announced in January that Internet-related fraud was the reason for more than 500,000 of consumer complaints filed in 2003, with estimated consumer losses of $200 million in the U.S. alone. The total cost of Internet fraud is compounded by business losses, legislative, regulatory and law enforcement costs, and diminished consumer trust in the Internet throughout the world. Unsecured web applications leave the back door wide open to Internet fraud and other forms of hacking attacks.

    The results of the WebCohort Application Defense Center's penetration testing from January 2000 to January 2004 are:

    Most Common Application Layer Vulnerabilities:

    Attack and Percent vulnerable

    Cross-site scripting 80%

    SQL injection 62%

    Parameter tampering 60%

    Cookie poisoning 37%

    Database server 33%

    Web Server 23%

    Buffer overflow 19%

    Source: Penetration tests by WebCohort's Application Defense Center on nearly 300 corporate, government and other client sites conducted of the past four years.

    Definitions and descriptions of the attacks listed above are available at: http://webcohort.com/web_application...earch/glossary


    Original article: http://www.prnewswire.com/cgi-bin/st...2101093&EDATE=

    Wow, I didn't know it was that "worse", when doing vulnerability assessment I find that most servers have some web apps that are vulnerable to XSS. Less common I find in my own experience is the possiblity of SQL Injection. Yet 60% is stated here, that's alot.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Although one could argue that 250 out of all the web applications out there isn`t really a big sample.

    Could this be a plan to cause yet more FUD?
    Quis custodiet ipsos custodes

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    Yes, that's true, but they say all the sites are e-commerce sites, online banking etc.
    Sites of which you suppose that they aren't made by amateurs.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •