Two-thirds of web apps at risk of hacking

Friday, 03 February, 2012

Two-thirds of web applications tested by security consultants at Context Information Security in 2011 were found to be at risk from cross-site scripting, the consultancy firm announced today.

On top of that, nearly one in five web applications were found to be vulnerable to SQL injection.

The findings come from penetration tests carried out on almost 600 custom-built web apps. In total, Context discovered around 8,000 vulnerabilities, and the average number of distinct security issues per application rose from 12.5 to 13.5 between 2010 and 2011.

The report places these issues into the categories of server misconfiguration, information leakage, authentication, session management, authorisation weaknesses and encryption, all of which increased from 2010 to 2011.

The only exception to the upward trend was input validation weaknesses. According to the company, this is most likely due to the increased use of frameworks that offer built-in input validation security features.

Michael Jordon, Research and Development Manager at Context, said: “While the number of vulnerabilities identified in applications from 2010 to 2011 has not increased greatly, it does indicate that developers are continuing to make the same mistakes and are still not addressing web app security sufficiently.”

These findings are contained in the company’s new Context Web Application Vulnerability report, which also states that web apps developed for government, financial services and law and insurance sectors had the greatest increase in vulnerabilities.

“While some of the vulnerability categories such as server configuration and information leakage saw bigger rises, more serious cross-site scripting and SQL injections present the biggest and potentially most damaging threats to web applications,” Jordon said.

“It is certainly clear that penetration testing before letting a web application go live is more relevant and essential than ever.”
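The two flaw classes the report singles out, SQL injection and cross-site scripting, both come from the same mistake: untrusted input spliced into a structured language (SQL or HTML) as text. The example below is added here to illustrate that point and is not code from the report or from Context; it uses a constructed in-memory SQLite table and two constructed attack strings, and shows each vulnerable pattern beside its hardened form (bound parameters for SQL, context-appropriate escaping for HTML), which is the kind of built-in protection the article credits frameworks with providing.

```python
import html
import sqlite3

# Constructed sample data for the demonstration (not from the report).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    # Vulnerable: the value is formatted into the SQL text, so a quote
    # character in `name` terminates the literal and rewrites the WHERE clause.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    # Hardened: a bound parameter is passed to the driver as data and can
    # never alter the structure of the statement.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name):
    # Vulnerable: untrusted text is placed directly into an HTML document,
    # so tags in `name` are interpreted by the browser.
    return "<p>Hello, %s</p>" % name


def render_greeting_safe(name):
    # Hardened: escape for the HTML text context before interpolating.
    # (Attribute, URL and JavaScript contexts each need their own encoder.)
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


# Constructed attack strings, typical of what a pentester would submit.
PAYLOAD_SQLI = "x' OR '1'='1"
PAYLOAD_XSS = "<script>alert(1)</script>"


def demo():
    """Run both payloads through the vulnerable and hardened code paths."""
    conn = make_db()
    return {
        # The tautology makes the vulnerable query match every row.
        "sqli_vulnerable_rows": len(find_user_vulnerable(conn, PAYLOAD_SQLI)),
        # The bound parameter is compared literally and matches nothing.
        "sqli_safe_rows": len(find_user_safe(conn, PAYLOAD_SQLI)),
        "xss_vulnerable": render_greeting_vulnerable(PAYLOAD_XSS),
        "xss_safe": render_greeting_safe(PAYLOAD_XSS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable query returns both constructed users for the `x' OR '1'='1` input, while the parameterised one returns none; the escaped greeting renders the script payload as inert text. Escaping has to match the output context, so a framework's auto-escaping covers the HTML text case shown here but not, for example, a value written into a `<script>` block or an `href`.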

The full report is available at the Context website.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd