Cenzic: Top 10 Security Threats. Web Apps And Browser Lead The List.
80% of security vulnerabilities related to the Web are applications, according to a new report from Cenzic, Inc. Chief among the vulnerable? Browsers, with Microsoft's Internet Explorer and Mozilla's Firefox leading the list b a long shot.
80% of security vulnerabilities related to the Web are applications, according to a new report from Cenzic, Inc. Chief among the vulnerable? Browsers, with Microsoft's Internet Explorer and Mozilla's Firefox leading the list b a long shot.Reading bMighty with a browser? Of course you are -- and if you're using either IE or Firefox, of course you know that you're using vulnerable technology.
A new security trends report from Cenzic, Inc. found that in the second half of 2008. IE had the most reported vulnerabilities, with 43%. Firefox fans can't throw too many stones, though: according to Cenzic, Firefox came in a close second with 39% of reported browser vulnerabilities. Apple's Safari drew 10% of the reports, while Opera accounted for 9%.
But browsers are nothing compared to Web apps. A breathtaking 80% of vulnerabilities resorted in the second half of 2008 involved Web-based applications.
Overall numbers were up, too, by 10%, to 2,835 reported vulnerabilities.
The vulnerability assessment and risk management company's Top Vulnerabilities List includes the following Web application areas of concern:
* SQL Disclosure * Forceful Browsing Past Authorization Boundary * Insufficient Password Strength * Cross-Site Scripting * Buffer Overflow * Command Injection * SQL Parser * All Forms Submitted via SSL
That list should give you, your IT team and vendors plenty of pause (and plenty of matters to address/redress while you pause) -- and the presence of weak passwords as a major vulnerability (no surprise there, of course) should send your strong password policy memo into circulation again, now. The entire Cenzic Web Applications Security Trends Report Q3-Q4 2008 can be downloaded here.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024