80% of security vulnerabilities related to the Web involve applications, according to a new report from Cenzic, Inc. Chief among the vulnerable? Browsers, with Microsoft's Internet Explorer and Mozilla's Firefox leading the list by a long shot.

Keith Ferrell, Contributor

March 19, 2009

Reading bMighty with a browser? Of course you are -- and if you're using either IE or Firefox, of course you know that you're using vulnerable technology.

A new security trends report from Cenzic, Inc. found that in the second half of 2008, IE had the most reported vulnerabilities, with 43%. Firefox fans can't throw too many stones, though: according to Cenzic, Firefox came in a close second with 39% of reported browser vulnerabilities. Apple's Safari drew 10% of the reports, while Opera accounted for 9%.

But browsers are nothing compared to Web apps. A breathtaking 80% of vulnerabilities reported in the second half of 2008 involved Web-based applications.

Overall numbers were up, too, by 10%, to 2,835 reported vulnerabilities.

The vulnerability assessment and risk management company's Top Vulnerabilities List includes the following Web application areas of concern:

* SQL Disclosure
* Forceful Browsing Past Authorization Boundary
* Insufficient Password Strength
* Cross-Site Scripting
* Buffer Overflow
* Command Injection
* SQL Parser
* All Forms Submitted via SSL

That list should give you, your IT team and vendors plenty of pause (and plenty of matters to address/redress while you pause) -- and the presence of weak passwords as a major vulnerability (no surprise there, of course) should send your strong password policy memo into circulation again, now. The entire Cenzic Web Applications Security Trends Report Q3-Q4 2008 can be downloaded here.
