How vulnerable is the web?
Posted by: jim on 05/14/2013 09:29 AM
[
Comments
]
Worried about "drive by" viruses? Then it should come as no surprise that most websites have serious vulnerabilities.
The trend is getting better. In 2011, 79 flaws was the average. In 2010, it was as high as 230. If Whitehat is reporting representatively, then we still are seeing 86% of the internet websites contain at least one hole.
It took, on average, 193 days to fix the holes in 61% of the vulnerabilities. Just 18% were vulnerable for 30 days. That translates into 82% taking from 31 to 365 days to get fixed. How bad is it? 33% of all the websites in the report were vulnerable for the entire year of 2012.
Here are the top ten vulnerability classes:
Information leakage - 55%
Cross-scripting - 35%
Content spoofing - 33%
Cross-site forgery - 26%
Brute force - 26%
Fingerprinting - 23%
Layer protection - 22%
Session fixation - 14%
URL redirector - 13%
The trend is getting better. In 2011, 79 flaws was the average. In 2010, it was as high as 230. If Whitehat is reporting representatively, then we still are seeing 86% of the internet websites contain at least one hole.
It took, on average, 193 days to fix the holes in 61% of the vulnerabilities. Just 18% were vulnerable for 30 days. That translates into 82% taking from 31 to 365 days to get fixed. How bad is it? 33% of all the websites in the report were vulnerable for the entire year of 2012.
Here are the top ten vulnerability classes:
Information leakage - 55%
Cross-scripting - 35%
Content spoofing - 33%
Cross-site forgery - 26%
Brute force - 26%
Fingerprinting - 23%
Layer protection - 22%
Session fixation - 14%
URL redirector - 13%
Comments
