{"id":81,"date":"2008-11-20T12:01:21","date_gmt":"2008-11-20T18:01:21","guid":{"rendered":"https:\/\/webhostinggeeks.com\/blog\/?p=81"},"modified":"2008-11-20T12:01:21","modified_gmt":"2008-11-20T18:01:21","slug":"staggering-numbers-on-website-vulnerabilities","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/blog\/staggering-numbers-on-website-vulnerabilities\/","title":{"rendered":"Staggering Numbers on Website Vulnerabilities"},"content":{"rendered":"<p>According to a recent study by Scott + Scott, a law firm based in Connecticut, 85% of businesses in the U.S. have experienced some sort of data breach, a factor that places the personal information of millions of consumers at great risk.\u00a0 To no surprise, most of the companies involved in the study were exploited over the web with the leading cause being insecure servers and applications.\u00a0 These vulnerabilities are what result in the lost of bank account numbers, credit card details and Social Security numbers while putting billions of dollars in jeopardy. Although there are various security mechanisms available to limit these exploits, the typical components such as firewalls and intrusions detection systems simply aren&#8217;t enough.<\/p>\n<p>Intruders are just as aware of the critical information that can be accessed through an application as the webmaster.\u00a0 In many cases, their entrance and overall success is attributed to numerous factors.\u00a0 Those conscious of the roaming threats typically monitor network perimeters with firewalls and intrusion detection systems.\u00a0 However, these components actually encourage exploits as they are required to keep ports 80 and 443 open to support SSL and protect online transactions.\u00a0 To an intruder, these ports are open doors that enable website attacks in a number of different ways.\u00a0 Most network firewalls are configured to secure only the internal perimeter, leaving the company open to a wide range of attacks.\u00a0 And while both intrusion prevention and detection systems are somewhat more effective, they don&#8217;t perform complete analysis of a packet&#8217;s contents.\u00a0 Without an additional layer of security, a knowledgeable intruder can penetrate a web application with relative ease.<\/p>\n<p>An organization dedicated to improving the security of web-based applications, the OWASP (Open Web Application Security Project) recently composed a list of 10 of the most common vulnerabilities in today&#8217;s applications.\u00a0 The potential threats are associated with the following:<\/p>\n<p>1. Cross site scripting<\/p>\n<p>2. Server-side scripting errors<\/p>\n<p>3. The execution of malicious code<\/p>\n<p>4. Insecure direct object reference<\/p>\n<p>5. Cross site request forgery<\/p>\n<p>6. Improper error handling and data leakage<\/p>\n<p>7. Penetration of authentication and session management<\/p>\n<p>8. Vulnerable cryptographic storage<\/p>\n<p>9. Insecure web communications<\/p>\n<p>10. Failure to restrict write permissions and URL access<\/p>\n<p>The WASC Web Application Security Consortium have validated the OWASP&#8217;s top five application vulnerabilities with the testing of 31,373 sites.\u00a0 Additionally, the Gartner Group reports that 97% of more than 300 sites studied in a survey were found to be vulnerable to application attacks.\u00a0 The same study also revealed that 75% of today&#8217;s web attacks occur at the application level.<\/p>\n<p>The numbers indicate that most E-commerce sites are easy targets for an array of attacks.\u00a0 While proper coding is the key to prevention, one of the best methods of defense against application exploits is a web application scanner.\u00a0\u00a0 This type of mechanism protects both applications and servers from intruders by crawling through the site and analyzing every piece of content.\u00a0 Such products conduct various tests along with simulated application attacks throughout the scanning process.\u00a0 If genuine security holes are detected, reports are made and detail the severity of each vulnerability.\u00a0 Security experts recommend using a scanner that offers a technical, in depth explanation of each vulnerability detected along with appropriate suggestions for eradicating them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to a recent study by Scott + Scott, a law firm based in Connecticut, 85% of businesses in the U.S. have experienced some sort of data breach, a factor&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[9],"tags":[150,103,92,151,152,102,110,98],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-security-issues","tag-data-breach","tag-exploits","tag-firewall","tag-online-transactions","tag-owsap","tag-security","tag-ssl","tag-vulnerability"],"views":168,"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/comments?post=81"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/81\/revisions"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media?parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/categories?post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/tags?post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}