REPORT REVEALS TOP 10 WEBSITE VULNERABILITIES.


WhiteHat Security, Santa Clara, Calif., a provider of website vulnerability management services, has released the second installment of its Web Application Security Risk Report, which details 15 months of vulnerability assessment data across a variety of real-world websites. The report unveils the top 10 website vulnerabilities facing enterprises, and identifies Web application security trends across financial, e-commerce, healthcare, and high-tech industries. The WhiteHat Report provides enterprises with a clear picture of current website security issues and details best practices for defending against potential attacks.

WhiteHat Security's research confirms that the Web application layer requires proactive security as the number one target for malicious online attacks. In its December 2006 report, WhiteHat found that eight out of every 10 websites are vulnerable to attack. The company's recent findings now indicate that one out of every three websites has an urgent vulnerability issue that could put online data and corporate brand identity at risk. The most prevalent vulnerability continues to be Cross-Site Scripting (XSS) with seven out of 10 websites being affected, followed by Information Leakage and Content Spoofing. SQL Injection and Insufficient Authorization also remain on the top 10 list, and if undiscovered can result in serious repercussions regarding highly sensitive information.

The WhiteHat Report notes a slight decrease in technical vulnerabilities such as XSS and SQL Injection. This may indicate that organizations are beginning to address the growing number and severity of website attacks. However, logical vulnerabilities such as insufficient authorization, where an attacker gains unauthorized access to protected sections of a website, have not decreased. This can be attributed in part to the fact that scanners alone do not pick up flaws affecting business logic and remediation may be more difficult. In order to ensure effective and complete vulnerability assessments, it is key to have security experts working in conjunction with the scanners. This combined approach unearths items that scanners are not equipped to catch and serves as a stronger safeguard in protecting against attacks.

As the issue of Web application vulnerability increases in severity and importance across industries, more enterprises have implemented WhiteHat Security's Sentinel Service to address their Web application security needs. WhiteHat Sentinel comprehensively and continuously assesses hundreds of real-world production and development websites per month to obtain a one-of-a-kind perspective into website vulnerability trends. As the only company with access to cumulative data of this magnitude and depth, WhiteHat is sharing its findings to provide enterprises with an all-encompassing view of the various attacks their websites may be susceptible to.

WhiteHat utilizes the Web Application Security Consortium (WASC) Threat Classification of 24 Web application vulnerability classes as its standard. This ensures comprehensive coverage of all known types of vulnerabilities. WhiteHat's approach to website vulnerability management combines a human component with patent-pending, enterprise-class scanning technology for identification of technical vulnerabilities, verified results to eliminate false positives, and custom testing with multiple user-levels to reveal business logic flaws.

"We are thrilled to reveal our second quarterly risk report offering further clarity on prevalent vulnerabilities affecting websites today," said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security. "These statistics continue to provide an in-depth view of the attack landscape that enterprises currently face. As the amount of sensitive data housed online continues to grow, WhiteHat is committed to educating companies on how to proactively protect their websites through complete website vulnerability management."

WhiteHat plans to issue continued installments of the Web Application Security Risk Report on a quarterly basis. To ensure the report remains useful and relevant, WhiteHat incorporates feedback and ideas from leading industry thought leaders and influencers. Based on feedback already received, plans for future reports include: comparing website technology and frameworks; comparing vertical markets; average remediation times by vulnerability; trend vulnerability increases/decreases over time; and attack surface ratios of inputs to vulnerabilities.

About WhiteHat Security, Inc.

Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of website vulnerability management services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company's flagship service, is the only solution that incorporates expert analysis and industry-leading technology to provide unparalleled coverage to protect critical data from attacks.

For more information, visit http://www.whitehatsec.com or call 408/492-1817 ext. 614.
COPYRIGHT 2006 Worldwide Videotex
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication:Online Product News
Article Type:Website overview
Date:Jun 1, 2006
Words:713