Sunday, January 17, 2010

Website Security Statistics

Web security company Cenzic released a report detailing trends and numbers related to Web security for the first and second quarters of 2009.



Among the most serious vulnerabilities were path traversal (folder listing), cross-site scripting, cross-site request forgery and SQL injection. You may have to deal with all of these in order to make your website secure.

A report by security company Whitehat Security has indicated that:
- Historically, 82% of assessed websites have had at least one issue of HIGH, CRITICAL, or URGENT severity
- 63% of assessed websites currently have issues of HIGH, CRITICAL, or URGENT severity
- Historically, websites average 17 vulnerabilities identified during the lifetime of the assessment cycle
- Websites currently average 6 open vulnerabilities

A report by The Web Application Security Consortium (WASC) showed that for about 12186 sites tested, 97554 vulnerabilities were detected. The analysis showed that:
- more than 13% of all reviewed sites could be compromised completely automatically
- about 49% of web applications contain vulnerabilities of high risk level (Urgent and Critical)
- the most wide spread vulnerabilities are Cross-site Scripting, different types of Information Leakage, SQL Injection, HTTP Response Splitting
- administration issues were 20% more frequent cause of a vulnerability than system development errors
- the probability to compromise a host automatically rose from 7 to 13 %

"When Asked, Most Website Owners Stated That Their Website And Data Was Safe From Hackers. Over 73% Were Wrong!"

Website security and monitoring is a vital part of the success of your online business. Making it a priority is crucial for your website file and data protection. Understanding that and taking the steps to properly implement website security practices can mean increased sales and more business opportunities.

To help you with your website security, I recommend that you visit:

http://www.websiteprotection.net/

You will quickly learn how to combat these hackers.
Many of the solutions can be implemented almost immediately, providing you with your first line of defense.