WhiteHat: Most Web Sites Are Vulnerable Now
The vast majority of web sites have a security vulnerability, according to data released Monday by WhiteHat Security, a security and audit provider specializing in web application security.
The latest installment of the WhiteHat Website Security Statistics Report, which contains data collected from WhiteHat enterprise clients between January 1, 2006 and March 31, 2009, finds 82 percent of web sites have had a high, critical or urgent issue over their lifetime. It also states 63 percent of web sites currently have a high, critical or urgent issue, meaning they are unsecured today (See Also: Web Application Security Today: Are We All Insane?).
Social networking sites are responsible for the highest level of vulnerabilities, with around with 82 percent having an urgent, critical or high severity issue. Education sites and IT sites came in second and third, with 76 percent and 75 percent, respectively, having vulnerabilities, the report said. Retail, insurance, pharmaceutical, healthcare, and telecommunications sites also ranked high.
"One of the biggest takeaways from this report is that not all vulnerabilities are created equal, but many are very serious, leaving the door open to exploit sensitive information and cause some serious damage," said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security, in a statement on the findings.
WhiteHat said the top ten vulnerabilities remain largely unchanged from previous reports. Cross-site scripting tops the list. Business logic flaws occupied more than half of the top spots.
CSO
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
