IT Industry Websites Most Vulnerable
The 2013 WhiteHat website security statistics report redefines vulnerability
The 13th edition of WhiteHat’s website security statistics report has been released. It is loaded with information about what makes websites vulnerable, which industry is most susceptible and how companies can improve web security. This is the first time that WhiteHat’s report has correlated website vulnerability to the software development lifecycle (SDLC), which will help developers and programmers identify the core problems.
The report is based on data obtained by WhiteHat Sentinel, which monitored tens of thousands of websites of 650 organisations, and on activity data from survey results of 76 respondents about SDLC.
Jeremiah Grossman, co-founder and CTO of WhiteHat Security stated, “This report – comprising survey and website vulnerability data – is the first time we can correlate various software security controls and SDLC behaviors to vulnerability outcomes and breaches. The results are both insightful and complex.”
The previous editions of the report listed serious vulnerabilities as those with a High, Critical or Urgent severity as defined by PCI DSS naming conventions, exploitation of which “could lead to server breach, user account take-over, data loss or compliance failure”. However, in the latest edition, the definition has been slightly expanded to include all “those in which an attacker could take control over all, or some part, of the website, compromise user accounts on the system, access sensitive data, violate compliance requirements, and possibly make headline news”.
In 2012, the most prevalent vulnerability classes were still Information Leakage and Cross-Site Scripting. Furthermore, the industry analysis revealed that:
With the exception of sites in the IT and energy sectors, all industries found fewer vulnerabilities in 2012 than in past years.
The IT industry experienced the highest number of vulnerabilities per website at 114.
Government websites had the fewest serious vulnerabilities with eight detected on average per website, followed by banking websites with 11 on average per website.
Entertainment and media websites had the highest remediation rate (the average percentage of serious vulnerabilities resolved) at 81 percent.
In years past, the banking industry had the fewest vulnerabilities and fixed the most vulnerabilities of any industry. This year, banking came in second with 11 average serious vulnerabilities found per website and a below-average remediation rate of 54 percent (the average is 61 percent across all industries).
This security intelligence is very useful for security engineers. You can contact Liz Kuzma at firstname.lastname@example.org for further details on the report. Although you need to register on the WhiteHat website to read the full report, you can read the press release for free on their official website.
Nabiha Zeeshan is a social media addict currently loving her job at Cygnismedia.com/Web. She spends her leisure time researching social media trends and consumer psychology. Follow her @NabihaZeeshan