Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

All You Wanted To Know About Site Vulnerabilities

They explain it all

By Alexandru Dumitru, Security News Editor

11th of October 2007, 10:11 GMT

Adjust text size:



Enlarge picture
Ever wanted to know what vulnerabilities sites have? What can be exploited and how efficient it will be? Well, WhiteHat Security has released a security statistics report on their website for everyone to see. It's pretty insightful and if you are just a little bit tech-savvy I don't think you'll have a problem understanding it.

Hackers will probe the web everyday to see what flaws certain webpages have and how they could exploit them. As the WhiteHat report shows, by percentage likelihood, the top 3 vulnerabilities are cross-site scripting, with 73%, information leakage, in second place, with 53% and content spoofing in third place with "only" 24%. However, when considering vulnerability classes in the overall population, things are a bit different as Information leakage takes up to 73% of the pie (chart) while cross site scripting is second with 21%, content spoofing remaining third, with 2%.

Cross site scripting (CSS or XSS) is the most prevalent website vulnerability and it can be extremely hazardous to business and consumers, as the report points out.

"New attack vectors employed are responsible for highly effective phishing scams and Web worms that are resistant to commonly accepted safeguards. The evolution of JavaScript malware, finding its way into more and more attackers' toolboxes, has made finding and fixing this vulnerability more vital than ever," writes Jeremiah Grossman.

Information leakage can affect up to 5 in 10 sites and it occurs when a website "knowingly or unknowingly reveals sensitive information such as developer comments, user information, internal IP addresses, source code, software versions numbers, error messages/codes etc., which may all aid in a targeted attack," as I've seen in the report.

Content spoofing is something a bit rarer than the other two, as it affects only 1 in 4 websites and it's used in phishing scams to make a legitimate website redirect users to bogus content.

These are the top 3 vulnerabilities, but that does not mean in any way that others do not exist.
Did these facts get your attention? If so, then be my guest and click this link to see the whitepaper in full! You're bound to learn a lot!

TAGS:

 websites | vulnerabilities | research


Rating:
Fair (2.6/5) 5 vote(s) so far    

Read by 471 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


A Hacked Site and Google's Attitude

Worst Virus Ever: Storm Now Infects Sites Too!

Security Experts Need to Learn from Hackers

International Holiday Scares People

Hackers Hit Web Host

Web Status: "Red" Alert!

Stupid People Get Hacked

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive