Report: Websites Remain Vulnerable to Attacks

Wednesday, March 09, 2011



A recent study by WhiteHat Security examined over 3,000 websites administered by 400 different organizations and found that the surveyed sites were vulnerable to attack more often than not.

The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average.

Education sector websites led the pack, with nearly eighty percent remaining vulnerable at least nine months of the year, followed by retail and social networking sites.

Websites in sectors subject to more regulation, such as finance and healthcare, showed the lowest rates, with about fifteen percent vulnerable over the same period.

"It's inevitable that websites will contain some faulty code -- especially in sites that are continually updated. Window of Exposure is a useful combination of the vulnerability prevalence, the time it takes to fix vulnerabilities, and the percentage of them that are remediated. Specifically for CIOs and security professionals, measuring window of exposure offers a look at the duration of risk their business and user data is exposed to by not having sufficient remediation processes in place," Jeremiah Grossman, founder and CTO of WhiteHat Security, told DarkReading.

The leading vulnerability was "Information Leakage," which describes inadvertently revealing sensitive technical information about the site environment, applications or users.


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.