Home » Topics » Cybersecurity » Almost ALL websites have serious security vulnerabilities, study shows

Almost ALL websites have serious security vulnerabilities, study shows

Avatar photoby Ben Rossi

Nearly half (46%) of websites contain a ‘high security’ vulnerability such as XSS or SQL Injection, new research has revealed.

The study was performed on over 1.9 million files across 15,000 websites belonging to 5,500 companies. Eighty-seven percent of the websites were affected by at least a ‘medium security’ vulnerability.

Many of the scans also found that the main superbugs of 2014 had not been patched, especially POODLE.

The research, which saw security vendor Acunetix collect data over a period of one year ending March 2015, shows that the high-profile data breaches reported in the media are not the unlucky few – most companies are leaving themselves vulnerable to attacks.

The company defined ‘high security vulnerability’ as something an attacker can easily exploit to compromise the integrity and availability of the target application, gain access to backend systems and databases, deface the target site and trick users into phishing attacks.

Web apps that have a high security vulnerability would fail at complying with the financial industry’s PCI Data Security Standards.

Hackers continue to concentrate their efforts on web-based applications since they often have direct access to back-end data such as customer databases.

>See also: Britain is paying the price of cybercrime

The nature of cyber-attacks is also diversifying as criminals target not only financial data but personal data for use in identity theft and confidential intelligence to carry out cyber espionage.

When it comes to network vulnerabilities, administrators are performing better, however the stats are still not reassuring.

Ten percent of the servers scanned were found to be vulnerable to high security risks, and 50% had a medium security vulnerability.

Keeping in mind most of these servers are perimeter servers, having a network vulnerability on these internet-facing servers could spell disaster, as this could easily lead to server compromise and access to other servers on the network.

“These are worrying stats, showing businesses are failing in some basic web security areas,” said Nick Galea, CEO at Acunetix. “It’s just like leaving your wallet or unlocked phone lying around in a public place. It’s more a question of how long it takes, rather than if at all, before you are compromised.”

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data Breach

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise