Businesses and non-commercial entities have much to consider when it comes to securing
their web applications and the data they keep on customers and
patrons. Acunetix, a leading vendor of web application security
solutions, today revealed that on average 70% of websites are at
serious and immediate risk of being hacked.
Since January 2006, Acunetix has been offering a free automated web
scan for qualifying websites. Out of a total of 10,000 applications,
Acunetix has scanned 3,200 sites belonging to either businesses or
70% of the websites scanned were found to contain high or medium
vulnerabilities. There is an extremely high probability of these
vulnerabilities being discovered and manipulated by hackers to steal
the sensitive data these organizations store.
On average 91% of these websites contained some form of website
vulnerability, ranging from the more serious such as SQL Injection
and Cross Site Scripting to more minor ones such as local path
disclosure or directory listing.
Approximately 66 vulnerabilities per website were found for a total
of 210,000 vulnerabilities over the scanned population.
50% of the websites with instances of high vulnerabilities were
susceptible to SQL Injection while 42% of these websites were prone
to Cross Site Scripting. Other serious vulnerabilities include Blind
SQL Injection, Cross Site Scripting, CRLF Injection and HTTP response
splitting, as well as script source code disclosure.
"The results show clearly that the problem of unsafe web applications
is being ignored completely," stated Kevin J Vella, VP Sales and
Operations of Acunetix. "These statistics should compel organizations
to take a serious look at their security infrastructure - the recent
hacks into TJX, UCLA and the Dolphin Stadium are proof enough that
the problem is very real and looks like it is here to stay. Companies,
governments, and universities are bound by law to protect our data.
Yet web application security is, at best, overlooked as a fad.
Without sounding apocalyptic, I believe the 70% figure should send
tremors not just ripples in the market."