[WebPub] Report - Most web apps have vulnerabilities
Allison Dolan
adolan at MIT.EDU
Tue Nov 10 13:38:04 EST 2009
In case this report is of interest
......Allison Dolan (617-252-1461)
extract below - full article at
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=221601000&subSection=Application+Security
Majority Of Web Apps Have Severe Vulnerabilities
Flaws 'could potentially lead to the exposure of sensitive or
confidential user information during transactions,' according to new
report from Cenzic
Nov 10, 2009 | 09:40 AM
By Thomas Claburn, InformationWeek
Special to Dark Reading
The number of software vulnerabilities detected has risen to the
point that almost 9 out of 10 Web applications have flaws that could
lead to the exposure of sensitive information.
Cenzic's "Web Application Security Trends Report Q1-Q2, 2009" report,
released on Monday, says that more than 3,100 vulnerabilities were
identified in the first half of the year, 10% more than the number
identified in the second half of 2008.
Of the vulnerability total, 78% were Web application vulnerabilities,
lower than in the second half of 2008 but higher than in the first
half of last year.
The SANS Institute's Top Cyber Security Risks report, released in
September, found that over 60% of attack attempts on the Internet
target Web applications.
Ninety percent of the Web application vulnerabilities were in
commercial Web apps and 8% were the browsers that run Web apps,
Cenzic's report says.
The makers of the software affected by the top ten vulnerabilities
include PHP, SAP (NYSE: SAP), Sun, Citrix (NSDQ: CTXS), Apache, F5
Networks, Symantec (NSDQ: SYMC), and IBM (NYSE: IBM).
Cenzic says that SQL Injection and Cross Site Scripting
vulnerabilities played a role in 25% and 17% of all Web attacks
respectively.
Cenzic's report claims that 87% of the analyzed Web applications "had
serious vulnerabilities that could potentially lead to the exposure
of sensitive or confidential user information during transactions."
In the second quarter of 2008, that number was 78%.
In terms of browser vulnerabilities, Firefox and Safari led the pack,
and Google (NSDQ: GOOG) Chrome was conspicuously absent.