Web Application-based Flaws Continue to Dominate
The number of threats based on Web programs continues to increase, and the large number of vulnerabilities in many of these programs makes it easy for attackers to steal data for financial gain, according to the new research report, "Application Security Trend Report for Q4 2007", prepared by Cenzic and released on February 28, 2008.
According to researchers at Cenzic, 71% of the total vulnerabilities reported globally during Q4 2007 were linked to Web applications, affecting both servers and browsers. This estimate represented a 3% growth over Q3 2007. The main reason for the growth of the problem appeared to be a shortage of secure development skills among the people creating these programs.
While flaws in the Hypertext Preprocessor (PHP) programming language itself were responsible for less than 1% of the vulnerabilities, the greater part of the problem continues to stem from insecure code development practices. Worse still, about 70% of the total vulnerabilities reported in Web applications could be described as exploitable.
Unless coders having malicious purposes start to improve their Web application writing techniques, the situation might get worse as there continues to be a high demand for Web-related business tools but low skills for secure development.
Flaws in multimedia programs including Apple's QuickTime and Microsoft's Windows Media Player were responsible for just 1% of the vulnerabilities in Q4 2007, coming down by 4% from Q3 2007.
Although the numbers might seem to indicate that the state of vulnerabilities in Web applications is improving, the highly pervasive nature of the problem means the gains represent a very low level of improvement.
Researchers at Cenzic said that 2007 saw several creative and deadly security attacks, of which Website hacking gained momentum because hackers had enough vulnerabilities to exploit in various parts of the world and in different kinds of Web applications.
Attacks also continue, ranging from SQL injection to a malware gang in Russia, and from the hacking of a government Website to the exploitation of Google vulnerabilities and assaults on universities. Although financial gain is the primary objective, there have also been thefts of student records and intellectual property, as well as defacement incidents.
» SPAMfighter News - 13-03-2008