{"id":2409,"date":"2007-10-16T00:00:00","date_gmt":"2007-10-16T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/10\/16\/nine-out-of-ten-websites-have-serious-vulnerabilities\/"},"modified":"2021-12-30T11:41:17","modified_gmt":"2021-12-30T11:41:17","slug":"nine-out-of-ten-websites-have-serious-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/10\/16\/nine-out-of-ten-websites-have-serious-vulnerabilities\/","title":{"rendered":"Nine out of ten websites have serious vulnerabilities"},"content":{"rendered":"<p>Based on more than a year of data, this is the industry&#8217;s only report focused solely on previously unknown vulnerabilities on publicly facing websites.  The report shows that nine out of ten websites have serious vulnerabilities that make them targets for malicious online attacks.  Cross-site Scripting (XSS) remains the top vulnerability class, appearing in approximately three quarters of websites, while Information Leakage is the top vulnerability class of the overall population.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The report statistics were gathered through an outsourced service providing website vulnerability assessments on an ongoing basis.<\/p>\n<p>With more than six hundred sites under management, including many of the Fortune 500, WhiteHat has access to an unparalleled amount of security data, which allows them to accurately identify which issues are the most prevalent.<\/p>\n<p>Since the last report in April 2007, there has been a noticeable increase in several technical vulnerabilities including XSS, Information Leakage, SQL Injection and HTTP Response Splitting, which can be directly attributed to the discovery of new attack techniques and the improvement in vulnerability identification technology.<\/p>\n<p>http:\/\/www.net-security.org\/secworld.php?id=5539<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2409","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2409"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2409\/revisions"}],"predecessor-version":[{"id":4896,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2409\/revisions\/4896"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}