Two-thirds of web apps at risk of hacking

Friday, 03 February, 2012

Two-thirds of web applications tested by security consultants at Context Information Security in 2011 were found to be at risk from cross-site scripting, the consultancy firm announced today.

On top of that, nearly one in five web applications were found to be vulnerable to SQL injection.

The findings come from penetration tests carried out on almost 600 custom-built web apps. In total, Context discovered around 8,000 vulnerabilities, reflecting an increase in the average number of distinct security issues affecting each application from 12.5 to 13.5 between 2010 and 2011.

The report places these issues into the categories of server misconfiguration, information leakage, authentication, session management, authorisation weaknesses and encryption, all of which increased from 2010 to 2011.

The only exception to the upward trend was input validation weaknesses. According to the company, this is most likely due to the increased use of frameworks that offer built-in input validation security features.

Michael Jordon, Research and Development Manager at Context, said: “While the number of vulnerabilities identified in applications from 2010 and 2011 has not increased greatly, it does indicate that developers are continuing to make the same mistakes and are still not addressing web app security sufficiently.”

These findings are contained in the company’s new Context Web Application Vulnerability report, which also states that web apps developed for government, financial services and law and insurance sectors had the greatest increase in vulnerabilities.

“While some of the vulnerability categories such as server configuration and information leakage saw bigger rises, more serious cross-scripting and SQL injections present the biggest and potentially most damaging threats to web applications,” Jordon said.

“It is certainly clear that penetration testing before letting a web application go live is more relevant and essential than ever.”

The full report is available at the Context website.
