The research is out and I can hear the journalist and editorial proclamations now:

Website security flaws on the rise!
Website malware getting the best of bloggers
Website security being undermined by software quality

Before you know it, the IT vendor marketing teams have climbed aboard the bandwagon and suddenly it feels as if the web is an awful place to be doing business. Well, it is a dangerous world out there when you consider:

  • 1.3 million websites are infected with malware [1]
  • 73% of organizations have been hacked at least once in the past two years [2]
  • 25% of organizations have no idea what the economic impact of a hacker attack would be [2]
  • 69% of organizations rely on firewalls to secure web applications [2]

That said, you shouldn’t let the statistics and drama keep you from moving forward with your web ventures. After all, this stuff is not really any different from the risks we face in our personal lives on a daily basis, yet we go on.

Being on the security assessment side of the equation, spotting website security flaws is a daily occurrence for me. From silly oversights to heads in the sand, web security does suffer when the right people aren’t on board and the proper controls aren’t in place. Even the Privacy Rights Clearinghouse Chronology of Data Breaches outlines numerous web-related attacks in the past few months alone.

It doesn’t have to be this way – and it won’t be – if you take the proper steps to keep your web systems in check.

Even if your web presence isn’t mission critical and even if you don’t process or store any sensitive information, you can certainly save yourself a lot of headache and keep yourself from becoming a statistic if you take the time to understand the web risks you’re up against and simply take the necessary steps to do something about them.

[1] Dasient 2010 study of Web-based malware

[2] 2011 Ponemon Institute State of Web Application Security



Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.