
Unprotected Web
• Web vulnerabilities made up 82 percent of the 2,652 commercial vulnerabilities found and analyzed by Cenzic.
• Of those Web vulnerabilities, 89 percent were related to code in commercial Web applications.
• Among commercial Web application vulnerabilities, cross-site scripting (XSS) bugs made up 19 percent and SQL injection made up 16 percent.

Browser Holes
Web browser vulnerabilities made up another 8 percent and Web server vulnerabilities an additional 3 percent.
Number of Browser Vulnerabilities Found
• Mozilla Firefox: 77
• Internet Explorer: 44
• Safari: 25
• Google Chrome: 25

Widespread Problem
Of all of the applications analyzed by Cenzic’s Click2Secure managed service, 93 percent suffered from some sort of information leak or exposure that could give hackers clues for further attack.
• 81 percent suffered from XSS vulnerabilities
• 72 percent suffered from session management problems
• 71 percent had authentication and authorization issues

WebSphere Woes
Of Web server vulnerabilities, WebSphere bugs made up 51 percent of the issues.

Adobe Most Hacked
According to Cenzic, the vendors with some of the most severe vulnerabilities found in the second half of 2009 included Adobe, Sun and HP. The report gave Adobe the ignominious 2009 vendor title of “The Year’s Most Hacked Software,” due to dangerous problems with Flash, ColdFusion and Reader.