{"id":2212,"date":"2008-09-11T00:00:00","date_gmt":"2008-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2008\/09\/11\/report-in-depth-analysis-finds-more-severe-web-flaws\/"},"modified":"2021-12-30T11:40:53","modified_gmt":"2021-12-30T11:40:53","slug":"report-in-depth-analysis-finds-more-severe-web-flaws","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2008\/09\/11\/report-in-depth-analysis-finds-more-severe-web-flaws\/","title":{"rendered":"Report: In-Depth Analysis Finds More Severe Web Flaws"},"content":{"rendered":"

A new report on Web threats released today by the Web Application Security Consortium says that in-depth manual and automated assessments found nearly 97 percent of sites carry a severe vulnerability. “About 7.72% [of] applications had a high-severity vulnerability detected during automated scanning,” according to the WASC report. The pervasive cross-site request forgery (CSRF) vulnerability didn’t get a high ranking in the report (it was found in only 1.43 percent of the apps) however — even though it’s “the most prevalent vulnerability,” according to WASC. That’s because “it is difficult to detect automatically and because a lot of experts take its existence for granted.”<\/p>\n","protected":false},"excerpt":{"rendered":"

As usual, the vulnerabilities most found in Web applications were cross-site scripting, information leakage, and SQL injection.<\/p>\n

XSS accounted for 41 percent of all vulnerabilities; information leakage, 32 percent; SQL injection, 9 percent; and predictable resource location flaws, 8 percent.<\/p>\n

“Looking at the numbers, I thought SQL injection would have a bigger presence in the number of vulnerabilities and vulnerable sites. Although the statistics seem to show the number is decreasing from previous years, do not stop fighting this class of attack, and all types of injection in general!!<\/p>\n

http:\/\/www.darkreading.com\/document.asp?doc_id=163467&WT.svl=news2_4<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2212","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2212"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2212\/revisions"}],"predecessor-version":[{"id":4699,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2212\/revisions\/4699"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}