Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 1 October, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Ninety percent of websites vulnerable to attack

by The Gurus
November 22, 2013
in Editor's News
Share on FacebookShare on Twitter

Of 50 websites scanned by DOSarrest’s vulnerability testing service, nine out of ten would fail this test.

Sean Power, security operation center manager at DOSarrest said that 90 per cent of the websites it had tested on its vulnerability testing and optimisation (VTO) service would fail an initial test. He said: “It is not the case that 90 per cent of the websites are vulnerable to a severe flaw, but it is more likely to be a remote code execution or database flaw.
“We put the mark at quite a high standard and there were only one or two instances where we couldn’t make any recommendations to the website. However, findings did show that 95 per cent of the sites scanned found flaws that could cause sensitive information to be leaked, so they are not to be taken lightly.”
DOSarrest, who launched the VTO last month, released the analysis data from the first 50 sites it has scanned. “This is one of those things that happens where sometimes there are more critical flaws and vulnerabilities and people jump on the bandwagon,” Power said.
Of the vulnerabilities it found, the most were cross-site request forgery (CSRF) flaws (67 per cent), while 28 per cent were XSS and 22 per cent SQL Injection vulnerabilities. The VTO findings were that 95 per cent of the flaws could cause information leakage due to outdated software versions and installed modules, while 71 per cent could allow sensitive information disclosure.
“SQLi and XSS are bigger news and well known and are potentially dangerous, but CSRF would be a type of online identity theft where you have a user session that is manipulated by an attacker using that vulnerability,” he said.
Looking at the recent report for the number of new vulnerabilities reported to the National Institute of Standards and Technology (NIST) in August, Power commented that the rise to 394 being reported, including 140 rated as high severity and 83 as cross-site scripting (XSS) flaws, was higher number than usual, especially when the usual number was around 100 rated as high severity.
“This is one of those things that happens and sometimes there are more critical flaws and vulnerabilities and people jump on the bandwagon,” Power said.
FacebookTweetLinkedIn
ShareTweet
Previous Post

National Crime Agency opens to centralise crime fighting

Next Post

Survey shows lack of information on risk management at board level

Recent News

Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information