According to the founder of Whitehat Security, Jeremiah Grossman, there are various website security attacks which are present today. However, the most popular of these attacks are not necessarily the riskiest ones. According to the recently released security report of the company, 86% of the websites have one or the other vulnerability which is quite serious and risky even though the number of vulnerabilities per site have come down from the year 2011. The report also states that the SQL attacks are not even amongst the top 10 website security attacks. This statement has come across as quite a surprise to most due to the immense popularity of these SQL attacks. Moreover, these SQLi’s still present a huge risk to most organizations.
The SQL injection attack has been ranked at number 14 in the list of top attacks in the report. Moreover, these attacks hit just about 7% of the total number of websites. This statement published by Grossman is in serious contrast to the reports and studies which have been conducted in the past few years. Quite recently, the SANS Institute ranked the SQL injection attacks as the most dangerous software errors. However, on the other hand, the IBM Risk Report of 2012 did show a decline in the frequency of these attacks.
According to Grossman, there is a huge difference between the prevalence and the risk of a particular vulnerability. Thus, while only 7% of the websites face SQL injection attacks, it is enough to give these owners a torrid time, thereby enhancing the popularity of the SQL injection as one of the worst website security attacks. Moreover, the hackers choose SQL attacks only when they want to go after the data.
According to the Whitehat report, two of the most prevalent vulnerabilities in the year 2012 were cross site scripting and information leakage. They were closely followed by content spoofing and cross site request forgery. The cross site scripting attacks hit as many as 53% of the websites while information leakage hit 56% of the websites around the world. On the other hand, 33% of the websites around the world faced content spoofing attacks while 26% faced issues with brute force and cross site request forgery. However, the brute force vulnerability class of Whitehat is not similar to the better known cases wherein the hackers have repeatedly attacked a website with various combinations of usernames and passwords. Most of these brute force attacks take advantage of the fact that a majority of websites use email addresses as a username today.
The Whitehat report also states that since these sites use a username and password combination and tell users which part was wrong, the hackers use the valid logins along with password recovery systems to spam and phish users. Grossman also stated that in order for security to improve in terms of websites, it is imperative for the employees and the people using the website to become accountable and empowered as well.
You can follow any responses to this entry through the RSS 2.0 feed.
Leave your comment