Web application vulnerabilities continue to increase, says nCircle

By Robert Westervelt | Jul 3, 2009

Web application security scanners are finding increasing numbers of coding errors, according to the latest statistics from compliance auditing vendor nCircle.

The latest study by nCircle found that Web application vulnerabilities increased by 154% from 2007 to 2008 and have continued to grow by 25% so far this year. The growth occurred even as the total number of security flaws overall is decreasing, the vendor said.

SQL injection errors remain the biggest problem for Web applications, followed by cross-site scripting errors, input validation flaws and code injection errors.

nCircle said it detected more than 3,000 new Web application vulnerabilities in 2008. So far the vendor says it's on track to exceed that number this year. In the first two quarters of 2008, nCircle detected 1,548 Web application vulnerabilities.

The statistics could signal some good news for firms since more vulnerabilities are being detected before they are targeted by hackers. Still, Web application security expert Ryan Barnett said it can be challenging to create automatic scanner checks for many classes of vulnerabilities, such as cross-site request forgery and stored cross-site scripting. The rising vulnerability numbers could also reflect the fact that firms are developing Web applications in increased numbers. The awareness of Web application security issues is causing more organizations to assess their apps with vulnerability scanners, said Barnett, director of application security research at Breach Security Inc.

"Although all of the vulnerability scanning statistics list cross-site scripting as the No. 1 vulnerability in websites, the fact is that profit driven attackers are not yet leveraging them as they haven't figured out a way to directly monetize and automate them," Barnett said. "This may change in the near future, however, as more and more client driven attacks are being tested out on social network sites such as Facebook and Twitter."

Successful attacks on users of Facebook and Twitter demonstrate the ability of hackers to spread wormable code that can impact a large number of users, Barnett said.
