Statistics Suggest Increasing Security Flaws in Web Programs

Companies providing security auditing and compliance services have lately released statistics that show that security scanners for Web programs are detecting coding flaws in an ever-increasing number.

According to a recent research by nCircle (a security and compliance auditing firm), security flaws in Web programs increased 154% during 2007-2008, and are still rising at 25% in the current year (2009). nCircle reports that it spotted over 3,000 fresh vulnerabilities in Web programs during 2008, and expects that this number would surpass during 2009.

Moreover, SQL Injection flaws continue to be Web programs' most severe problem, while other problems like cross-site scripting vulnerabilities, input authentication vulnerabilities as well as code injection vulnerabilities follow next.

In May 2009, WhiteHat Security Inc., a vulnerability assessment company, released a similar statistics for Web flaws saying that around 70% of the total websites it scrutinized had a fair chance of containing a minimum of one critical flaw, while 63% of other websites possibly contained vulnerabilities that need to be addressed.

WhiteHat also indicates that social-networking websites have the greatest possibility of containing coding flaws, while education and IT websites with similar problems follows next.

Meanwhile, the security companies -nCircle and WhiteHat are promoting tools that scan websites for vulnerabilities. A lot of companies are also installing firewalls for Web programs and using patches to guard from cyber-attacks.

However, the companies' statistics suggest some good news as more security flaws are now being spotted prior to hackers targeting them. Certainly, security will grow during July-December 2009, according to SearchFinancialSecurity.com, which surveyed 175 security professionals belonging to financial institutions like Citi, Bank of America, Wells Fargo, UBS, JP Morgan, Wachovia and AIG.

The survey found that 49% of the institutions would increase their security expenditure during July-December 2009, while 45% have now released their security projects which were shelved off so far.

Additionally, Google recently declared that it was developing an operating system that would remove malware from consumers' computers since flaws within Web programs were generally very common today, with cross-site scripting and SQL Injection assaults on websites growing in numbers.

Related article: Stock Spamming On the Rise

» SPAMfighter News - 7/23/2009