SOURCE: Cenzic


March 31, 2011 08:05 ET

Web Application Trends Report Reveals Widespread Vulnerabilities in Common Web Applications, Escalating Cyberwarfare, Cyberterrorism Incidents

More Than 2,100 Web Vulnerabilities Found in Second Half of 2010, Many With Public Exploits Available, But Browsers Improved a Great Deal

SANTA CLARA, CA--(Marketwire - March 31, 2011) - Cenzic Inc., the leading provider of Web application security assessment and risk management solutions, today released its report detailing statistics on the vulnerability trends for Web applications for the second half of 2010. The report reveals widespread Web application vulnerabilities, with 2,155 discovered -- a third of which have both no known solution and an exploit code publicly available. The report also revealed aggressive campaigns by Web browser makers including Google, Microsoft, and Mozilla to improve the security of their Web navigation products.

Among the published Web vulnerabilities in Commercial Off The Shelf (COTS) software, Cross Site Scripting (XSS) and SQL Injection dominated, accounting for 54 percent of the total number of Web vulnerabilities in the second half of 2010. 

"With all the publicity, education, and known attacks that have exploited XSS and SQL vulnerabilities, it is astounding that companies still haven't plugged these threats," said Mandeep Khera, chief marketing officer at Cenzic. "Cybercriminals are well aware of these weaknesses, and worse still, with the amount of exploit codes publicly available, even a hacker with a modicum of talent has ability to cause tremendous damage. With an average security breach costing companies millions of dollars, lack of precaution is a daily risk that must be taken seriously. But, to give credit where it's due, all browser companies have done a great job in taking proactive steps toward better security. However, companies need to upgrade their Web applications to the latest version to ensure security for their customers."

The Cenzic Trend Report also analyzed vulnerabilities in various Web browsers, detecting many security vulnerabilities yet aggressive campaigns by manufacturers to improve their safety. Google's Chrome browser had the most vulnerabilities detected -- 89 -- due to its aggressive campaign to offer cash rewards for any discovered. In the end, the company fixed 88 of these vulnerabilities quickly and efficiently. Similarly, Mozilla Firefox had 65 vulnerabilities detected and fixed 61 in a timely manner. Apple's Safari fixed 39 of 41, Internet Explorer fixed 26 of 32, and Opera 27 of 29 vulnerabilities.

Detailed in the report, the second half of 2010 gave rise to many high profile Web application related attacks on corporations, universities, and government agencies as well, including a data breach at Ohio State University which affected 760,000 people, Anonymous Hackers' Wikileaks Infowar against credit card companies, the Iranian Cyber Army's web attacks against popular satellite channel Farsil and technology blog Techcrunch, and more.

The Cenzic Application Security Trends Report emphasizes the Top 10 Web application vulnerabilities from published reports in Q3-Q4 2010, illustrating trends among thousands of corporations, financial institutions and government agencies.

To download a PDF version of the Q3-Q4 2010 Trend Report, please visit:

About Cenzic
Cenzic, a trusted provider of software and SaaS security products, helps organizations secure their websites against hacker attacks. Cenzic focuses on Web Application Security, automating the process of identifying security defects at the Web application level where more than 75 percent of hacker attacks occur. Our dynamic, black box Web application testing is built on a non-signature-based technology that finds more "real" vulnerabilities as well as provides vulnerability management, risk management, and compliance for regulations and industry standards such as PCI. Cenzic solutions help secure the websites of numerous Fortune 1000 companies, all major security companies, leading government agencies and universities, and hundreds of SMB companies -- overall helping to secure trillions of dollars of e-commerce transactions. The Cenzic solution suite fits the needs of companies across all industries, from a cloud solution (Cenzic ClickToSecure Cloud™), to testing remotely via our managed service (Cenzic ClickToSecure® Managed), to a full enterprise software product (Cenzic Hailstorm® Enterprise ARC™) for managing security risks across the entire company.

Contact Information