Half of Sites have Web App Holes

Monday, July 20, 2015 @ 12:07 PM gHale

Almost half of web applications scanned contained a high security vulnerability such as XSS or SQL Injection, while almost 80 percent of web applications suffered from a “medium security” vulnerability, a new report said.

As it turns out, most companies are leaving themselves vulnerable to attacks, according to the Acunetix report. In the move to produce user-friendly interfaces and user -centered apps, companies are leaving their data available to bad guys.

Cyber Incidents Down; Reporting Declines
Insider Attacks Rise, Unaware of Risk
Small Risk Converts to Big Problem
Ransomware Version Costs U.S. Big Bucks

“These are worrying stats, showing businesses are failing in some basic web security areas … it’s just like leaving your wallet or unlocked phone lying around in a public place,” said Nick Galea, chief executive at Acunetix. “It’s more a question of how long it takes, rather than if at all, before you are compromised.”

Attackers continue to concentrate their efforts on web-based applications since they often have direct access to back-end data such as customer databases, the researchers said. The nature of cyber attacks is also diversifying as criminals target not only financial data but personal data for use in identity theft and confidential intelligence to carry out cyber espionage.

Cross-site Scripting (XSS) and Denial of Service (DoS) vulnerabilities topped the list with a significant 38 percent of websites being vulnerable to each of these attacks. Following closely at 28 percent are SSL related vulnerabilities such as HeartBleed and POODLE, and SQL Injection (SQLi) at 27 percent of the sites scanned by Acunetix OVS.

When it comes to network vulnerabilities, administrators are performing better. The report said 10 percent of the servers scanned were vulnerable to high security risks, and 50 percent had a medium security vulnerability. Keeping in mind most of these servers are perimeter servers, having a network vulnerability on these Internet facing servers could lead to a compromise and access to the network.

Having a high security vulnerability is a major problem and fixing these should be top of the web security list, researchers said.

When it comes to the easily attacked web applications, an attacker can easily exploit such vulnerabilities to compromise the integrity and availability of the target application, gain access to backend systems and databases, as well as deface the target site and trick users into phishing attacks, which could lead to bigger system-wide attacks.

Click here to register to download the report.