.

Study: 70% Of Web Sites Are Hackable

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Feb 24, 2007 11:47 pm

Study: 70% Of Web Sites Are Hackable

A new study shows that majority of sites have medium- to high-level vulnerabilities, and more than 90% have some kind of vulnerability.

By Sharon Gaudin
InformationWeek

Feb 13, 2007 12:58 PM

About 70% of Web sites contain vulnerabilities that put them at risk of being hacked, according to a new study issued on Tuesday.

A year ago, Acunetix, a Web site security company, began scanning sites, both business and nonbusiness, looking for vulnerabilities. Out of 3,200 sites scanned, 70% had vulnerabilities with either a medium- or high-risk rating, according to an Acunetix announcement. Company analysts say there is an "extremely high probability" of hackers finding and using the vulnerabilities to steal information.

"The results show clearly that the problem of unsafe Web applications is being ignored completely," said Kevin Vella, a VP at Acunetix, in a written statement. "These statistics should compel organizations to take a serious look at their security infrastructure. The recent hacks into TJX, UCLA, and Dolphin Stadium are proof enough that the problem is very real and looks like it is here to stay. Companies, governments, and universities are bound by law to protect our data. Yet Web application security is, at best, overlooked as a fad. Without sounding apocalyptic, I believe the 70% figure should send tremors, not just ripples, in the market."

The survey also shows that, on average, 91% of the Web sites scanned contained some form of Web site vulnerability. Those exploits ranged from the more serious, such as SQL Injection and Cross Site Scripting, to more minor ones, like local path disclosure or directory listing.

About 66 vulnerabilities per Web site were discovered, according to Acunetix, for a total of 210,000 vulnerabilities over the 3,200 scanned sites.


Original story:
http://www.informationweek.com/news/sho ... wkPrintURL

Don
CISSP, MCSE, CSTA, Security+ SME
<<

smittyb

User avatar

Newbie
Newbie

Posts: 8

Joined: Wed Jun 28, 2006 2:47 pm

Location: Kansas

Post Wed Apr 04, 2007 11:01 am

Re: Study: 70% Of Web Sites Are Hackable

Hey Don!  I read this and totally agree with it.  The root of the problem is developers are not trained to code securely.  I'm sure you've seen the posting on SANS about their Software Security Institute. 

Those of us in the Security world know and realize these problems and sound alarms but many times, money becomes an issue.  Then something like the TJX thing comes up and blows up in their face and recovering your reputation from something like that will take years if it can be recovered at all.
<<

dean

Post Wed Apr 04, 2007 12:10 pm

Re: Study: 70% Of Web Sites Are Hackable

An old blog posting from the Matasano Guys about this. Some funny stuff. They make some very good points too. It has to do with a challenge made by Network World's Joel Snyder. He bet Acunetix a $1000 they could not get data from 3 of the sites.

http://www.matasano.com/log/699/did-idg ... -websites/

-dean-
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Apr 04, 2007 1:55 pm

Re: Study: 70% Of Web Sites Are Hackable

Hey Guys,

First of all, welcome to EH-Net. We look forward to your continued participation.

smittyb,

You probabaly know full well that if your lead developer says he needs 2 more months for him and his programmers to make a product secure, what's the first question the big wigs ask? Does it's core functionality work? IE - If it's a billing app, can it bill? If the answer is yes, then get it out now and fix the holes later. We can't pay you if we can't bring in money from selling the product, right?

Sound familiar?

It's a cycle that needs to be broken, and it's sad that outside initiatives, law suits, legislation and the possibilty of your business closing for good will get people to do the right thing. So, I support their initiative. Unfortunately, this type of agenda has to, like anything else, come from the top down.

Hey Dean,

Good stuff. I hadn't seen that article.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

gqblue2003

User avatar

Newbie
Newbie

Posts: 35

Joined: Tue Mar 20, 2007 2:20 am

Location: DC for now.

Post Sun May 13, 2007 5:08 am

Re: Study: 70% Of Web Sites Are Hackable

I was reading another article stating that approximately 83% of all statistics are made up. ;D
"A man who finds no satisfaction in himself will seek for it in vain elsewhere."
        
                                   La Rochefoucauld
<<

LSOChris

Post Sun May 13, 2007 3:59 pm

Re: Study: 70% Of Web Sites Are Hackable

and 60% of the time, it works every time!

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software