Study: Only 10% of Web Applications are Secured Against Common Hacking Techniques
According to a study by WebCohort, only 10% of web applications are secured. Pretty scary. (Well, remember that WebCohort is a security company that sells security consulting. This conclusion serves their interests :))
These conclusions are also true for all platforms, all development languages and technologies. The interesting thing here is that the vulnerabilities they discovered are not in HTTP server "X" or operating system "Y" but in the developer's code! These applications include e-commerce, online banking, enterprise collaboration, and supply chain management sites - not really your sister's homepage...
Most Common Application Layer Vulnerabilities (Source: WebCohort)

| Attack | Percent vulnerable |
|---|---|
| Cross-site scripting | 80% |
| SQL injection | 62% |
| Parameter tampering | 60% |
| Cookie poisoning | 37% |
| Database server | 33% |
| Web Server | 23% |
| Buffer overflow | 19% |

Funny... I think that some people should be educated about this. They should care more about how well trained their developers are in security rather than complaining about the supposed weaknesses of Microsoft's products.
</RANT>