Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 28 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Most common web-based vulnerabilities still prevalent after nine years

by The Gurus
July 31, 2018
in Editor's News
vulnerability
Share on FacebookShare on Twitter

Analysis of vulnerabilities discovered by NCC Group researchers over the last nine years found that instances of common web-based vulnerabilities have largely refused to fall over during this time, with cross-site scripting (XSS) vulnerabilities appearing the most frequently.

 

The global cyber security and risk mitigation expert found that despite this type of vulnerability being understood across the industry for decades, XSS flaws, which enable attackers to inject malicious scripts into websites or victim browsers, still account for 18% of all bugs logged.

 

However, some classes of bugs have become almost non-existent, including format string flaws, in which submitted data is evaluated as a command by the application, as well as some memory-related flaws, and flaws that allow the exploitation of XML applications and services.

 

Commenting on this analysis, Matt Lewis, research director at NCC Group, said: “While some historically common vulnerabilities have disappeared over the last nine years, cross-site scripting has been around for almost 20 years. We should have seen a significant fall in these types of vulnerabilities, but this hasn’t been the case, which highlights the need for better education around security within the software development life cycle.”

 

Overall, the team uncovered vulnerabilities in 53 different categories, and found that there was an increase in the number of bugs targeting complex applications and hardware. This included deserialization flaws – when untrusted data is used to abuse the logic of an application and inflict DDoS or remote code attacks – and the exploitation of multiple low-risk issues in a chain across a complex web application, resulting in full, unauthorised control.

 

As well as this, researchers saw an increase in hardware-related design flaws, following an increased engagement with embedded systems and IoT devices.

 

Matt Lewis added: “Although there could be a lot of factors influencing the discovery of bugs over the last nine years – such as shifts in industry focus with regard to certain classes of bugs, and even the time that our consultants have available – there is still an ongoing prevalence of the most common vulnerabilities.

 

“As well as this, we’re already seeing an increasing variety of relatively new attack methods as applications and systems become more complex. This highlights the need for more investment into security skills, as well as a wider understanding of how important the mitigation of these vulnerabilities is for the overall security of businesses.”

FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweetShare
Previous Post

UK Card Fraud Falls 8 Percent in 2017 as Criminals Seek New Battlegrounds

Next Post

How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information