Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/12/2007
11:40 AM
50%
50%

Acunetix: 70% of Websites Hackable

Acunetix revealed that on average 70% of websites are at serious and immediate risk of being hacked

KIRKLAND, Wash. -- Businesses and non- commercial entities have much to consider when it comes to securing their web applications and the data they keep on customers and patrons. Acunetix, a leading vendor of web application security solutions, today revealed that on average 70% of websites are at serious and immediate risk of being hacked.

Since January 2006, Acunetix has been offering a free automated web scan for qualifying websites. Out of a total of 10,000 applications, Acunetix has scanned 3,200 sites belonging to either businesses or non-commercial entities.

Alarming results

70% of the websites scanned were found to contain high or medium vulnerabilities. There is an extremely high probability of these vulnerabilities being discovered and manipulated by hackers to steal the sensitive data these organizations store.

On average 91% of these websites, contained some form of website vulnerability, ranging from the more serious such as SQL Injection and Cross Site Scripting to more minor ones such as local path disclosure or directory listing.

Approximately 66 vulnerabilities per website were found for a total of 210,000 vulnerabilities over the scanned population.

50% of the websites with instances of high vulnerabilities were susceptible to SQL Injection while 42% of these websites were prone to Cross Site Scripting. Other serious vulnerabilities include Blind SQL Injection, Cross Site Scripting, CRLF Injection and HTTP response splitting, as well as script source code disclosure.

"The results show clearly that the problem of unsafe web applications is being ignored completely," stated Kevin J Vella, VP Sales and Operations of Acunetix. "These statistics should compel organizations to take a serious look at their security infrastructure - the recent hacks into TJX, UCLA and the Dolphin Stadium are proof enough that the problem is very real and looks like it is here to stay. Companies, governments, and universities are bound by law to protect our data. Yet web application security is, at best, overlooked as a fad. Without sounding apocalyptic, I believe the 70% figure should send tremors not just ripples in the market."

Acunetix Ltd.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...