contents | software | |||||||
| Cross-Site Scripting Ranks First in Top Security Risks In recent years, buffer overflows topped the list as the most popular vulnerability used by hackers to compromise websites. However, the latest report from Mitre, a US government funded research organization, clearly indicates that hackers are moving away from acts of vandalism to the more lucrative exploits of data theft. In fact, Cross-Site scripting and SQL Injection are now the most preferred hacking techniques used by hackers since these vulnerabilities allow access to such data as credit card details. The Common Vulnerabilities and Exposures (CVE) project by Mitre, reported that out of the 4375 security issues catalogued in the first nine months of 2006, web-related flaws have captured the top three spots: 21.5 percent of the CVEs were cross-site scripting (XSS) vulnerabilities; 14 percent SQL Injection and 9.5 percent php "includes". Buffer overflows came fourth, at 7.9 percent. The increasing popularity of XSS bugs indicates that attackers are concentrating more on programming languages typically used for Web applications, such as Java, .Net and PHP. Buffer overflows, on the other hand, affect executable files written in languages such a C. Assessing the security of a website: This increase in Web-based flaws stems directly from the simplicity of exploiting such vulnerabilities as XSS, and the enormous number of web applications freely available. In general, websites with such web applications as shopping carts, forms, login pages and dynamic content are always a prime target for attack. This is because, web applications require open and direct access to backend databases to function properly. If improperly coded, these common applications become easy gateways to social security numbers, credit card details and even medical records. Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer. Such protection secures all AJAX applications. Acunetix WVS also checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. write your comments about the article :: © 2006 Computing News :: home page |