Firefox most vulnerable browser, Safari close second
Posted on 10 November 2009.
Cenzic released its report revealing the most prominent types of Web application vulnerabilities for the first half of 2009. The report details the steady rise of attacks targeting these exploits ultimately costing the U.S. a substantial amount of money in both IT damage and identity theft.

Specifically, the report identified over 3,100 total vulnerabilities, which is a 10 percent increase in Web application vulnerabilities compared to the second half of 2008. Cenzic analyzed all reported vulnerability information from sources including NIST, MITRE, SANS, US-CERT, OSVDB, OWASP, as well as other third party databases for Web application security issues reported during the first half of 2009.

Popular vendors including Sun, IBM, and Apache continue to be among the top 10 most vulnerable Web applications named. The most common published exploits on commercial applications were SQL Injection and Cross Site Scripting (XSS) vulnerabilities, which account for 25 percent and 17 percent of all Web attacks, respectively:


Among Web browsers, Mozilla Firefox had the largest percentage of Web vulnerabilities, followed by Apple Safari, whose browser showed a vast increase in exploits, due to vulnerabilities reported in the Safari iPhone browser:


Findings from the report point to the continued growth of attacks through Web applications. Web application vulnerabilities continue to make up the largest percentage of the reported vulnerability volume, with roughly 78 percent of all vulnerabilities resulting from them.

To find out about interesting web attacks and HTTP probes as well as attacks statistics, read the rest of the report.





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //