According to DOSarrest Internet Security, its newly released Vulnerability Testing and Optimization (VTO) service finds that 90% of websites scanned have one or more vulnerabilities.
Of the websites that tested positive for vulnerabilities, 95% of them were susceptible to information leakage due to out-dated software versions and installed modules.
Of those tested, below is a general breakdown of their deficiencies.
(Note that it adds up to 117% meaning that some sites had 2 or even 3 Vulnerabilities in each category).
Cross-site Scripting (CSS) ——————-28%
Cross-Site Request Forgery (CSRF)———-67%
SQL Injection (SQLI)—————————22%
CSRF is a form of attack which forces a victim to execute unwanted actions on a website where an attacker inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf. Meanwhile a SQL Injection attack involves the insertion of a SQL query to allow database access and privileges, while cross-site scripting (XSS) attacks occur when an attacker injects malicious scripts into benign and trusted websites.
A CSRF attack is equally dangerous and significant as it can compromise end-user data and if the targeted end user is the administrator account, this can compromise the entire web application.
“It is not the case that 90 per cent of the websites are vulnerable to a severe flaw, but it is more likely to be an information protection or session management flaw,” said Sean Power, security operation manager at DOSarrest. “We put the mark at quite a high standard and there were only one or two instances where we couldn’t make any recommendations to the website. However, findings did show that 95% of the sites scanned found flaws that could cause sensitive information to be leaked, so they are not to be taken lightly.”
DOSarrest Internet Security has launched its website Vulnerability Testing and Optimization (VTO) service that will intelligently crawl a website and find any vulnerabilities in the site’s coding, as well as analyse the structure of the website to see what can be optimised for better performance, all for a safer and better web experience.
DOSarrest only tests websites that have asked to be tested. For these results, 50 websites were tested; further details are available on request. For more information or to request a VTO scan, please visit:
http://www.dosarrest.com/solutions/vulnerability-testing