WhiteHat Security: 90% sites still vulnerable

After years of fighting the hacker wars, today's Websites are still a long way from being secure, according to a new research report. According to a report issued yesterday by WhiteHat Security, nine out of 10 Websites still have at least one vulnerability that attackers could exploit. On average, there are about seven flaws on […]

After years of fighting the hacker wars, today's Websites are still a long way from being secure, according to a new research report.

According to a report issued yesterday by WhiteHat Security, nine out of 10 Websites still have at least one vulnerability that attackers could exploit. On average, there are about seven flaws on each site studied.

"While the security posture of some industries is better than others, the difference is largely insignificant when it comes to preventing a Website from becoming compromised –- attackers only need to exploit a single vulnerability," the report says.

Cross-site scripting (XSS) is still the top category of vulnerabilities, appearing in approximately 70 percent of Websites, WhiteHat says. But the researchers are predicting that cross-site request forgery (CSRF) will eventually take the No. 2 spot behind XSS.

"Attackers using CSRF can easily force a user’s Web browser to send unintended HTTP requests, such as fraudulent wire transfers, changes to passwords and download of illegal content," the report says. "Effective automated CSRF detection techniques have eluded all technology scanning vendors in the space, making identification a largely manual process."

Source:→ Dark Reading

Security, Website, Vulnerability, Exploit, Malicious Code