Acunetix study claims 70% of web sites vulnerable to attack

Written by Editor
Tuesday, 13 February 2007 22:00

Web application security company Acunetix have conducted a study of 3200 web sites over the past year and have discovered that 70% of these sites contained high or medium risk security vulnerabilities, with a high probability of these vulnerabilities being discovered and manipulated by an attacker to steal sensitive data. Unsurprisingly, 50% of the websites they scanned with instances of high risk vulnerabilities were susceptible to SQL Injection, while 42% of these websites were prone to Cross Site Scripting. You can read more here on the Acunetix web site.

However, in the experience of the team here at Virus.Org, the numbers claimed by Acunetix seem a little low, a concern voiced by other security researchers too. Our experience has shown that many more sites are vulnerable to Cross Site Scripting, with the number looking more like 80% in the sites tested by Virus.Org staff. Likewise, the instances of SQL Injection are high, although many have been Blind SQL Injection, and one of the team actually found an X-Path injection recently.

Still, the claim of 70% by Acunetix is a scary enough thought that it may spur many more site developers to get up to grade and fix those holes.













