finance
monthly
Personal Finance. Money. Investing.
Contribute
Newsletter
Corporate

Positive Technologies has announced its latest report from its own audits of web application security: Web Application Vulnerabilities in 2017. The results, collated through the security firm’s automated source code analysis through the PT Application Inspector, detected vulnerabilities in every single web application tested in 2017. Among the key findings, 94% of applications had at least one high-severity vulnerability, demonstrating that websites are a critical weakness for organizations.

Breaking down the detected vulnerabilities by severity level, most (65%) were of medium severity, with much of the remainder (27%) consisting of high-severity vulnerabilities.

Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies said: “Web applications practically have a target painted on their back. A large number of unfixed, exploitable vulnerabilities is a windfall for hackers, who can use these flaws to steal sensitive information or access an internal network. Fortunately, most vulnerabilities can be discovered long before an attack ever happens. The key is to analyze application source code.”

Financial services are at greatest risk

As expected by Positive Technologies experts, finance web applications (46% of all tested web applications) were at the greatest risk, with high-severity vulnerabilities found in 100% of tested banking and finance web applications.

In fact, web applications at banks and other financial institutions, as well as governments, draw the most attention from hackers, as confirmed in a series of Positive Technologies reports.

Denial of service is especially threatening for e-commerce web applications, because any downtime means missed business and lost customers. High-profile e-commerce web applications receive large amounts of daily visits, increasing the motivation for attackers to find vulnerabilities to turn against users.

Attacks targeting users are the most dangerous

Positive Technologies assessed the potential impact of every detected web application vulnerability and compiled a list of the most common security threats. The number-one threat is attacks that target web application users. Alarmingly, 87% of banking web applications and all government web applications tested by Positive Technologies were susceptible to attacks against users. Users of government web applications in particular tend to not be security-savvy, which makes them easy victims for attackers.

The most common vulnerability across the board was Cross-Site Scripting (affecting 82% of tested web applications), which allows attackers to perform phishing attacks against web application users or infect their computers with malware.

Other critical vulnerabilities also find their way into government web applications. For example, security assessment of a web application for a Russian local government revealed SQL Injection, a critical vulnerability that could allow attackers to obtain sensitive information from a database.

(Source: Positive Technologies)

About Finance Monthly

Universal Media logo
Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.
News Illustration

Get our free weekly FM email

Subscribe to Finance Monthly and Get the Latest Finance News, Opinion and Insight Direct to you every week.
chevron-right-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram