Will we ever get a secure Internet? There’s no cause for optimism in the latest Cenzic report into web app security. A few highlights:
- 7 out of 10 web applications analyzed by Cenzic were found vulnerable to cross-site scripting attacks
- 70% of Internet vulnerabilities are in web applications
- Firefox has the most reported browser vulnerabilities at 40%; IE has 23%
- Weak session management, SQL injection, and poor authentication remain very common problems
- 33% of all reported vulnerabilities are caused by insecure PHP coding, compared to 1% caused by insecurities in PHP itself
OK, it’s another report from a security company with an interest in hyping the figures; but I found this one more plausible than some.
The PHP remarks are interesting; it would be good to see equivalent figures for ASP.NET and Java.