They explain it all

Oct 11, 2007 10:11 GMT

Ever wanted to know what vulnerabilities sites have? What can be exploited and how efficient it will be? Well, WhiteHat Security has released a security statistics report on their website for everyone to see. It's pretty insightful and if you are just a little bit tech-savvy I don't think you'll have a problem understanding it.

Hackers probe the web every day to see what flaws certain webpages have and how they could exploit them. As the WhiteHat report shows, by percentage likelihood, the top 3 vulnerabilities are cross-site scripting, with 73%; information leakage, in second place, with 53%; and content spoofing, in third place, with "only" 24%. However, when considering vulnerability classes in the overall population, things are a bit different: information leakage takes up to 73% of the pie (chart), while cross-site scripting is second with 21% and content spoofing remains third, with 2%.

Cross-site scripting (CSS or XSS) is the most prevalent website vulnerability, and it can be extremely hazardous to businesses and consumers, as the report points out.

"New attack vectors employed are responsible for highly effective phishing scams and Web worms that are resistant to commonly accepted safeguards. The evolution of JavaScript malware, finding its way into more and more attackers' toolboxes, has made finding and fixing this vulnerability more vital than ever," writes Jeremiah Grossman.

Information leakage can affect up to 5 in 10 sites and it occurs when a website "knowingly or unknowingly reveals sensitive information such as developer comments, user information, internal IP addresses, source code, software version numbers, error messages/codes etc., which may all aid in a targeted attack," as I've seen in the report.

Content spoofing is a bit rarer than the other two, as it affects only 1 in 4 websites. It is used in phishing scams to make a legitimate website redirect users to bogus content.

These are the top 3 vulnerabilities, but that does not mean in any way that others do not exist. Did these facts get your attention? If so, then be my guest and click this link to see the whitepaper in full! You're bound to learn a lot!