Alarming Rise in Web Application Vulnerabilities

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<p><strong>Santa Clara, Calif. &mdash; July 31</strong><br />Cenzic Inc., a provider of application vulnerability assessment and risk management solutions, has released its &quot;Application Security Trends Report – Q2 2007,&quot; which finds that, once again, organizations are failing to optimize their Web application security methods. </p><p>Although this report highlights the top 10 vulnerabilities from published reports in Q2 2007, Cenzic estimates there are thousands of vulnerabilities that remain unpublished<br />because of the lack of reports and the vast amounts of home-grown applications. </p><p>It is estimated that there are more than 100 million Web<br />applications that facilitate transactions and collection information, yet fewer than 5 percent of applications are tested for vulnerabilities. </p><p>The report provides a thorough analysis of reported vulnerabilities, Web application probes, attack statistics and key findings.<br /><br />&quot;We are at a critical stage when it comes to securing Web applications &mdash; with less than 1 percent of applications tested, millions of applications are vulnerable and ripe for hackers,&quot; said Mandeep Khera, Cenzic vice president of marketing. &quot;Even the organizations that do test are still focused on testing only the applications in the development or quality assurance stage. </p><p>&quot;With 99 percent of the applications in the production stage at any given point, these corporations are extremely<br />exposed and vulnerable &mdash; they will get hacked. It&#39;s not a question of &#39;if&#39; but &#39;when.&#39;&quot;</p><p>Tom Stracener, Cenzic senior security analyst, agreed.&nbsp; </p><p>&quot;Our analysis for Q2 illustrates a very high percentage of published vulnerabilities in Web technologies, similar to the Q1 findings,&quot; he said. &quot;This is a clear indication that network security is maturing, while application security is in its early stages. While our analysis shows top vulnerabilities in Java, Apache, Apple and PHP applications, these reflect only the published vulnerabilities &mdash; there still remain thousands of vulnerabilities that are not published or reported.&quot;<br /><br />In this study, Cenzic identified 1,484 unique published vulnerabilities in the second quarter of 2007, consisting of some of the most common threats as file inclusion, SQL injection and cross-site scripting. </p><p>Of the vulnerabilities published, 72 percent were related to Web technologies, a 7 percent increase from the Q1 findings, with attacks at the application layer continuing to dominate. </p><p>The majority of vulnerabilities affected Web technologies, such as Web applications, Web servers and Web browsers, with Cenzic classifying the bulk as easily exploitable. </p>

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|