May 26, 2009, 9:15 AM — The vast majority of web sites have a security vulnerability, according to data released Monday by WhiteHat Security, a security and audit provider specializing in web application security.
The latest installment of the WhiteHat Website Security Statistics Report, which contains data collected from WhiteHat enterprise clients between January 1, 2006 and March 31, 2009, finds 82 percent of web sites have had a high, critical or urgent issue over their lifetime. It also states 63 percent of web sites currently have a high, critical or urgent issue, meaning they are unsecured today (See Also: Web Application Security Today: Are We All Insane?).
Social networking sites are responsible for the highest level of vulnerabilities, with around with 82 percent having an urgent, critical or high severity issue. Education sites and IT sites came in second and third, with 76 percent and 75 percent, respectively, having vulnerabilities, the report said. Retail, insurance, pharmaceutical, healthcare, and telecommunications sites also ranked high.
"One of the biggest takeaways from this report is that not all vulnerabilities are created equal, but many are very serious, leaving the door open to exploit sensitive information and cause some serious damage," said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security, in a statement on the findings.
WhiteHat said the top ten vulnerabilities remain largely unchanged from previous reports. Cross-site scripting tops the list. Business logic flaws occupied more than half of the top spots.