Web apps account for 80 percent of internet vulnerabilities

Share this article:
Vulnerabilities in web applications made up 80 percent of all web-related flaws in the second half of 2008 and rose in prevalence by about eight percent from the first half of the year, according to a report released Tuesday by Cenzic.

The report was based on the published vulnerability disclosures for various commercial off-the-shelf and open-source software. The web application vulnerabilities, for example, were in Adobe, SAP, Microsoft, Mozilla, Sun, Apache, and Oracle products.

Not securing your web applications is like locking all the doors to your house and leaving the key under a see-through mat, Mandeep Khera, chief marketing officer at Cenzic, which specializes in web application security, told SCMagazineUS.com.

“Hackers are picking up the key and walking right in,” he said. "Most of the web applications out there are vulnerable and that's why the attacks are happening."

Of the popular browsers, Internet Explorer had the highest percentage of vulnerabilities, with 43 percent. Firefox was second with 29 percent of total web browser vulnerabilities, followed by Safari with 10 percent and Opera with eight percent.

Sergey Gordeychik, a contributor for the international standards group Web Application Security Consortium (WASC), told SCMagazineUS.com in an email Tuesday that there has been steady growth of web application security problems and agreed that most web applications are vulnerable.

“The number of detected vulnerabilities and web attacks is growing too,” Gordeychik said.

He said security requirements often are not considered in the system design of web applications, making it hard to eliminate vulnerabilities. And attackers can easily detect these bugs, using tools such as automated scanners.

Web application security came into greater focus last year when the Payment Card Industry (PCI) Security Standards Council added a new provision, mandating the use of either an in-depth application code review or a web application firewall.

Educational resources for securing web applications are available, including the Open Web Application Security Project and the SANS Institute.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.