WhiteHat: Most Web Sites Are Vulnerable Now
The vast majority of web sites have a security vulnerability, according to data released Monday by WhiteHat Security, a security and audit provider specializing in web application security.
The latest installment of the WhiteHat Website Security Statistics Report, which contains data collected from WhiteHat enterprise clients between January 1, 2006 and March 31, 2009, finds 82 percent of web sites have had a high, critical or urgent issue over their lifetime. It also states 63 percent of web sites currently have a high, critical or urgent issue, meaning they are unsecured today (See Also: Web Application Security Today: Are We All Insane?).
Social networking sites are responsible for the highest level of vulnerabilities, with around with 82 percent having an urgent, critical or high severity issue. Education sites and IT sites came in second and third, with 76 percent and 75 percent, respectively, having vulnerabilities, the report said. Retail, insurance, pharmaceutical, healthcare, and telecommunications sites also ranked high.
"One of the biggest takeaways from this report is that not all vulnerabilities are created equal, but many are very serious, leaving the door open to exploit sensitive information and cause some serious damage," said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security, in a statement on the findings.
WhiteHat said the top ten vulnerabilities remain largely unchanged from previous reports. Cross-site scripting tops the list. Business logic flaws occupied more than half of the top spots.
CSO
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.













