Cross-Site Scripting ranks first in top security risks


Released on: 19 September 2006
Author: Tamara Borg / Acunetix
Audience: Software related



London, UK - 19 September, 2006 - In recent years, buffer overflows topped the list as the most popular vulnerability used by hackers to compromise websites. However, the latest report from Mitre Corp., a US government funded research organization, clearly indicates that hackers are moving away from acts of vandalism to the more lucrative exploits of data theft. In fact, Cross-Site scripting and SQL Injection are now the most preferred hacking techniques used by hackers since these vulnerabilities allow access to such data as credit card details.

The Common Vulnerabilities and Exposures (CVE) project by Mitre reported that out of the 4375 security issues catalogued in the first nine months of 2006, web-related flaws have captured the top three spots: 21.5 percent of the CVEs were cross-site scripting (XSS) vulnerabilities; 14 percent SQL Injection and 9.5 percent PHP includes. Buffer overflows came fourth, at 7.9 percent.

The increasing popularity of XSS bugs indicates that attackers are concentrating more on programming languages typically used for Web applications, such as Java, .Net and PHP. Buffer overflows, on the other hand, affect executable files written in languages such as C.

Assessing the security of a website

This increase in Web-based flaws stems directly from the simplicity of exploiting such vulnerabilities as XSS, and the enormous number of web applications freely available. In general, websites with such web applications as shopping carts, forms, login pages and dynamic content are always a prime target for attack. This is because web applications require open and direct access to backend databases to function properly. If improperly coded, these common applications become easy gateways to social security numbers, credit card details and even medical records.

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer. Such protection secures all AJAX applications. Acunetix WVS also checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.

Acunetix provides free audit to help companies determine the security of their websites

Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.

For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712, Fax: (+44) 0845 6126716
URL: http://www.acunetix.com


Source: Express-Press-Release.com