From CIO Insight:
Web security research gurus with the Santa Clara, Calif.-based Web application security firm Cenzic uncovered their findings at RSA from data collected during the second half of 2009.
Though CIOs are constantly struggling to get their development teams spinning up new business-enabling Web applications as quickly as possible, leaders would do well to take a lesson from the disconcerting trends laid out in Cenzic's most recent report.
The vast majority of proprietary Web applications developed in-house contain a vulnerability of one sort or another, as seen in scans of customer applications conducted through the company's managed services.
The following nine types of vulnerabilities are the ones most commonly found through Cenzic's scans of customer Web apps.
- Cross-Site Request Forgery
Frequency of Detection Within Scanned Applications: 14%
Ratio of Occurrence Among Found Web App Vulnerabilities: 1%
- Unauthorized Directory Access
Frequency of Detection Within Scanned Applications: 19%
Ratio of Occurrence Among Found Web App Vulnerabilities: 1%
- Insecure Resource Location
Frequency of Detection Within Scanned Applications: 24%
Ratio of Occurrence Among Found Web App Vulnerabilities: 1%
- SQL Injection
Frequency of Detection Within Scanned Applications: 32%
Ratio of Occurrence Among Found Web App Vulnerabilities: 4%
- Remote Code Execution
Frequency of Detection Within Scanned Applications: 32%
Ratio
- Authorization and Authentication
Frequency of Detection Within Scanned Applications: 71%
Ratio of Occurrence Among Found Web App Vulnerabilities: 8%
- Session Management
Frequency of Detection Within Scanned Applications: 72%
Ratio of Occurrence Among Found Web App Vulnerabilities: 9%
- Cross-Site Scripting
Frequency of Detection Within Scanned Applications: 81%
Ratio of Occurrence Among Found Web App Vulnerabilities: 20%
- Information Leaks and Exposures
Frequency of Detection Within Scanned Applications: 93%
Ratio of Occurrence Among Found Web App Vulnerabilities: 53%