70% Of Web Sites at Immediate Risk of Being Hacked Acunetix Reveals
Thursday, 15 February 2007
Businesses and non-commercial entities have much to consider when it comes to securing their Web applications and the data they keep on customers and patrons. Acunetix, a leading vendor of Web application security solutions, today revealed that on average 70 percent of Web sites are at serious and immediate risk of being hacked.
Since January 2006, Acunetix has been offering a free automated Web scan for qualifying Web sites. Out of a total of 10,000 applications, Acunetix has scanned 3,200 sites belonging to either businesses or non-commercial entities.
Alarming results
70 percent of the Web sites scanned were found to contain high or medium vulnerabilities. There is an extremely high probability of these vulnerabilities being discovered and manipulated by hackers to steal the sensitive data these organizations store.
On average 91 percent of these Web sites, contained some form of Web site vulnerability, ranging from the more serious such as SQL Injection and Cross Site Scripting to more minor ones such as local path disclosure or directory listing.
Approximately 66 vulnerabilities per Web site were found for a total of 210,000 vulnerabilities over the scanned population.
50 percent of the Web sites with instances of high vulnerabilities were susceptible to SQL Injection while 42 percent of these Web sites were prone to Cross Site Scripting. Other serious vulnerabilities include Blind SQL Injection, Cross Site Scripting, CRLF Injection and HTTP response splitting, as well as script source code disclosure.
“The results show clearly that the problem of unsafe Web applications is being ignored completely,” stated Kevin J Vella, VP Sales and Operations of Acunetix. “These statistics should compel organizations to take a serious look at their security infrastructure – the recent hacks into TJX, UCLA and the Dolphin Stadium are proof enough that the problem is very real and looks like it is here to stay. Companies, governments, and universities are bound by law to protect our data. Yet Web application security is, at best, overlooked as a fad. Without sounding apocalyptic, I believe the 70 percent figure should send tremors not just ripples in the market.”