A year after the release of the online version of our vulnerability scanner in March 2014, Acunetix have aggregated the findings of over 15,000 scans performed on 1.9 million files over the past 12 months with some interesting results. The report details the most common vulnerabilities found, how often they occurred and which bugs our users have been susceptible to.
Having surveyed over 5,500 organisations, we find the results extremely troubling. In the race to produce user-friendly interfaces and customer-centred apps, modern companies are leaving their precious data wide open to cyber criminals. One look at the news headlines shows cyber-attacks are all too common. Nearly half of the web apps scanned contained a high security vulnerability such as XSS or SQL Injection, which is just like leaving your wallet or unlocked phone lying around in a public place. It’s more a question of how long it takes before you are compromised, rather than whether you will be at all.
Overall, our findings confirm that web application vulnerabilities are increasingly more prevalent than network vulnerabilities and pose serious threats to organisations’ overall security posture, such as data loss or alteration, system downtime, loss of reputation and severe fines from the regulator, amongst others.
This report offers an insight into the types of security issues most websites are vulnerable to. We feel it’s important to share this data as it can help to inform website owners of their biggest risks of attack and what can be done to prevent them.