Don Parker Blog

70% of websites at immediate risk of being hacked!

Acunetix reveals latest statistics based on one year of conducting web application scans

Kirkland, Washington - February 12, 2007 - Businesses and non-commercial entities have much to consider when it comes to securing their web applications and the data they keep on customers and patrons. Acunetix, a leading vendor of web application security solutions, today revealed that on average 70% of websites are at serious and immediate risk of being hacked.

Since January 2006, Acunetix has been offering a free automated web scan for qualifying websites. Out of a total of 10,000 applications, Acunetix has scanned 3,200 sites belonging to either businesses or non-commercial entities.

Alarming results
70% of the websites scanned were found to contain high or medium vulnerabilities. There is an extremely high probability of these vulnerabilities being discovered and manipulated by hackers to steal the sensitive data these organizations store.

On average, 91% of these websites contained some form of website vulnerability, ranging from the more serious, such as SQL Injection and Cross Site Scripting, to more minor ones such as local path disclosure or directory listing.

Approximately 66 vulnerabilities per website were found for a total of 210,000 vulnerabilities over the scanned population.

50% of the websites with instances of high vulnerabilities were susceptible to SQL Injection while 42% of these websites were prone to Cross Site Scripting. Other serious vulnerabilities include Blind SQL Injection, Cross Site Scripting, CRLF Injection and HTTP response splitting, as well as script source code disclosure.

“The results show clearly that the problem of unsafe web applications is being ignored completely,” stated Kevin J Vella, VP Sales and Operations of Acunetix. “These statistics should compel organizations to take a serious look at their security infrastructure - the recent hacks into TJX, UCLA and the Dolphin Stadium are proof enough that the problem is very real and looks like it is here to stay. Companies, governments, and universities are bound by law to protect our data. Yet web application security is, at best, overlooked as a fad. Without sounding apocalyptic, I believe the 70% figure should send tremors not just ripples in the market.”

About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.

About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

3 Responses to “70% of websites at immediate risk of being hacked!”

  1. Don Parker Blog » Blog Archive » Acunetix claim of 7/10 sites hackable challenged Says:

    February 15th, 2007 at 9:07 am

    […] It did not take long for the Acunetix press release claiming that 7 out of 10 websites could be hacked, to come under fire. This press release which has now turned into a story of its own, has even made it to Slashdot. While I am no web application security specialist I have seen an awful lot of sites that were seen to have exploitable conditions during the course of a vulnerability assessment. Statistics are often refuted, generally by those who don’t agree with them, but the fact remains that there is indeed a ton of websites out there which are insecure. […]

  2. Ron Bertino Says:

    February 28th, 2007 at 1:40 am

    Very interesting report. To be honest it doesn’t surprise me though.

    Most people don’t have a clue about how to protect systems from hackers.
    They think that all they need to do is buy an expensive firewall and all of their systems will be safe. Little do they realise that traditional layer 3 firewalls are useless in protecting a network from application layer attacks.

    It all starts with education, specifically with learning about how to hack. I don’t understand how some people can call themselves security consultants if they don’t know the first thing about hacking. How can you protect a network if you don’t know your enemy?

    I would suggest starting by reading a book (which you’ll find at Amazon) called Hacking Exposed.

  3. XSS attacks and prevention with HTML Purifier - Blog Hoc Tap Says:

    September 8th, 2009 at 8:16 pm

    […] […]
