Report: Online Social Networks, Education Sites Harbor Most Security Risk

WhiteHat Security, a leading provider of Web site risk management solutions, recently released the eighth installment of the WhiteHat Security Web site Security Statistics Report, a high-level perspective on major Web site security issues that continue to compromise corporate data across all industries. WhiteHat's report, assembled from real-world Web site security data, cites the Top 10 Web site vulnerabilities and provides insight into the evolving challenges facing organizations today.

WhiteHat's Statistics Report provides an opportunity for businesses to understand the most prevalent vulnerabilities so they can develop and implement an effective Web site risk management program, reduce exposure and improve their overall security posture. WhiteHat created the report to educate the business community and general public about the most prevalent vulnerabilities that can lead to Web site compromises.

Unsurprisingly, only 36 percent of Web sites in the report currently do not have any serious vulnerabilities. From a historical perspective, this percentage drops to 17. Through its research, WhiteHat found that the characteristics of Web sites currently without any serious issues were nearly identical to those with them, with the exception that they had about half as many from the start.

This proves to be significant in that no Web site can be deemed immune -- all Web sites have an opportunity to be compromised. These odds are reduced when the business decides to proactively identify and remediate their vulnerabilities.

"It is extremely interesting to see that all the Web sites that are no longer vulnerable are so similar characteristically in technology and site format to those that have vulnerabilities," said Jeremiah Grossman, founder and chief technology officer for WhiteHat Security. "The big difference right now seems to be that these organizations set an internal mandate to actively fix their flaws and reduce the potential for damage to their Web site, reputation and customers."

Recent attacks on thousands of Web properties including Twitter, Facebook and MySpace also validate WhiteHat's findings that these platforms have what hackers are eager to steal -- user supplied data. With 86 percent of these sites hosting urgent, critical or high severity vulnerabilities, social networks lead all verticals. A close second, education Web sites are also highly vulnerable, with 83 percent having at least one serious vulnerability. This is not surprising, as educational institutions have many public-facing applications and often do not have significant resources dedicated to Web site security.

WhiteHat's latest report contains data collected between January 1, 2006 and October 1, 2009, and finds that the percentage of high, critical or urgent issues continue to slowly increase. WhiteHat also finds that 83 percent of Web sites have had a high, critical or urgent issue over their lifetime and 64 percent of Web sites currently have a high, critical or urgent issue. Of the 22,000 vulnerabilities identified, almost 9,000 remain open, which means encouragingly that the majority – more than 13,000 -- have been closed.

As in previous reports, Cross-Site Scripting and SQL Injection continue to be fixtures in the Top 10 list along with many other common classes of attack. The report also shows that fix percentages are climbing for some and decreasing for others. In particular, more organizations are repairing technical issues such as SQL Injection and Cross-Site Scripting in larger volumes, an indication that awareness is building regarding the prevalence of easy exploitations of these specific vulnerabilities.

The report statistics were gathered through the deployment of WhiteHat Sentinel, a Software-as-a-Service (SaaS) based Web site risk management solution, providing the most accurate vulnerability information in the industry. WhiteHat Sentinel executes rigorous and ongoing Web site security assessments on more than 1,500 Web sites that helps companies protect their brands, comply with PCI Compliance and avoid costly and damaging breaches.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3