{"id":10441,"date":"2009-11-14T12:51:00","date_gmt":"2009-11-14T10:51:00","guid":{"rendered":""},"modified":"2009-11-14T12:51:00","modified_gmt":"2009-11-14T10:51:00","slug":"web-browsers-which-ones-are-most-vulnerable","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/software\/10441-web-browsers-which-ones-are-most-vulnerable.html","title":{"rendered":"Web browsers: which ones are most vulnerable?"},"content":{"rendered":"<p>Cenzic, a provider of risk management solutions, has revealed the most prominent types of Web application vulnerabilities for the first half of 2009 in <a href=\"http:\/\/www.cenzic.com\/downloads\/Cenzic_AppSecTrends_Q1-Q2-2009.pdf\" target=\"_blank\">their latest report<\/a>.<\/p>\n<p>Of the 3,100 hacking vulnerabilities identified, Web-based exploits and attacks comprised 78%. This is a slight decrease from 80% in Q3-Q4 2008, but above the 71%-73% levels for Q1-Q2 2008.<\/p>\n<p>Of the Web vulnerabilities, 90% were related to code in commercial Web applications. Web browsers comprised 8% and Web servers 2%.<\/p>\n<p>Amongst the four most popular technologies &ndash; Internet Explorer, Firefox, Opera and Safari &ndash; Firefox had 44% of all browser vulnerabilities. Safari is exposed to 34% of browser vulnerabilities, with the increased number due to flaws in the iPhone Safari browser. Internet Explorer sits at 15%, and Opera at 6%.<\/p>\n<p>Some key findings from the report include:<\/p>\n<ol>\n<li>Of the various classes of vulnerabilities, SQL Injection and Cross Site Scripting (XSS) vulnerabilities continued to dominate with 25% and 17% respectively. <\/li>\n<li>Authorization and Authentication vulnerabilities were higher at about 14% of total Web vulnerabilities. Directory Traversal and Buffer Error exploits combined made up 20%. <\/li>\n<li>Code Injection is at 7%, Information Leak at 4%, and Cross-Site Request Forgery at 3%. 
<\/li>\n<li>Sun Java, PHP, and Apache continue to be among the top 10 vendors having the most severe vulnerabilities for the first half of 2009.<\/li>\n<\/ol>\n<p><strong>Security blind spot<\/strong><\/p>\n<p>&ldquo;The fact that hackers can have direct access to your data using such common outlets is staggering,&rdquo; said Mandeep Khera, chief marketing officer at Cenzic.<\/p>\n<p>&ldquo;The worst part is that once they get in, it&rsquo;s a free for all. Nothing is safe because there is no such thing as a minor data breach. The average data breach can cost more than US$500,000 [&plusmn;R 3.7-million] which can also put a business&rsquo; livelihood and reputation on the line.&rdquo;<\/p>\n<p>&ldquo;The most surprising thing that we discovered is that in spite of the fact that vulnerabilities are so easily identifiable, and there are now low cost turn-key SaaS solutions available, businesses are not focused on securing their Web applications.&rdquo;<\/p>\n<p>&ldquo;They are a serious and potentially lethal blind spot for businesses. 
With the holiday shopping season approaching, all we can say is consumer beware,&rdquo; Khera concluded.<\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php?t=202685\"><strong>Web browser security discussion<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new security trends report highlights the web technologies and applications most vulnerable to hackers<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-10441","post","type-post","status-publish","format-standard","hentry","category-software"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/10441"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=10441"}],"version-history":[{"count":0,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/10441\/revisions"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=10441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=10441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=10441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}