* Reuters is not responsible for the content in this press release.
Seventh WhiteHat Security Statistics Report Provides Birdseye View Into
Real-World Website Risks
With More Than 1,000 Sites Under Management, WhiteHat Further Extends its
Leadership Position; Offers Greater Visibility into Website Risk Management
SANTA CLARA, Calif., May 18 /PRNewswire/ -- WhiteHat Security, the leading
provider of website risk management solutions, today released the seventh
installment of the WhiteHat Website Security Statistics Report, providing a
unique high-level perspective on the most prevalent website security issues
using aggregate data from real-world production websites. WhiteHat's report
reveals the top ten website vulnerabilities, a vertical market breakout and
insight into the evolving threats facing organizations today. WhiteHat
recently reached 1,000 websites under management and because all assessments
are conducted on production websites, businesses get a realistic view into
attacks that can cause damage to their sites and also learn how to implement
an effective website risk management program, reduce exposure and improve
their overall security posture.
As the leading Software-as-a-Service (SaaS) website vulnerability assessment
solution, WhiteHat has singular access to a vast sample of vulnerabilities in
custom Web applications across vertical markets. This unique perspective
results in a report that presents the dominant website security issues
affecting the enterprise today. The data collected is the only data in the
industry that links attacks that are possible to what is actually probable.
WhiteHat's latest report contains data collected between January 1, 2006 and
March 31, 2009, and finds 82 percent of websites have had a high, critical or
urgent issue over their lifetime. Currently, WhiteHat finds that 63 percent
of websites have a high, critical or urgent issue, proving that the
consistency, thoroughness and frequency of WhiteHat Sentinel assessments lead
to a decrease in vulnerabilities and therefore a decrease in overall risk. Of
the 17,000 plus vulnerabilities identified, a little more than 7,000 remain
open, which means that more than half (60 percent) have been closed.
Additionally, WhiteHat Sentinel's SaaS offering arms organizations with the
information they need to protect their brands, attain PCI Compliance and avoid
costly and damaging breaches.
The top ten vulnerabilities remain largely unchanged, with Cross-Site
Scripting continuing to top the list. Business logic flaws, an
often-overlooked issue that enables hackers to take advantage of the
functionality of a site, occupied more than half of the top spots. WhiteHat's
report also presents statistics showing that 70 percent of websites have at
least one critical vulnerability, while another 63 percent fall into the high
category.
In addition, the report sheds light on the breadth of website security issues
through its vertical market breakout. Social Networking sites topped the list
this time around with 82 percent having an urgent, critical or high severity
vulnerability. Education sites were bumped to the number two spot with 76
percent and IT came in a close third with 75 percent.
"One of the biggest takeaways from this report is that not all vulnerabilities
are created equal, but many are very serious -- leaving the door open to
exploit sensitive information and cause some serious damage," said Jeremiah
Grossman, founder and chief technology officer at WhiteHat Security. "Because
the information in our report is the only one in the industry that looks at
real production websites, we are able to provide businesses with unparalleled
visibility into their website risk management posture. We remain vigilant in
helping businesses combat the constantly changing threat landscape and will
continue to do our best to arm them with the necessary tools and data to
protect their sites."
The report statistics were gathered through the deployment of WhiteHat
Sentinel, a SaaS-based website risk management solution. With more than 1,000
sites under management, including many of the Fortune 500, WhiteHat has access
to an unmatched amount of website security data, allowing the company to
accurately identify which issues are the most prevalent. WhiteHat Security
uses the Web Application Security Consortium (WASC) Threat Classification as a
baseline for classifying vulnerabilities and the Payment Card Industry Data
Security Standard (PCI-DSS) severity system to rate vulnerability severity.
WhiteHat founder Jeremiah Grossman will be hosting a webinar to reveal and
analyze more of the report findings on Tuesday, May 19, 2009 at 11:00 a.m. PT
/ 2:00 p.m. ET. For more information, visit WhiteHat's site at
www.whitehatsec.com and see the upcoming events section. You can also
register at https://whitehatsec.market2lead.com/go/whitehatsec/stats051909.
About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is the leading
provider of website risk management solutions that protect critical data,
ensure compliance and narrow the window of risk. WhiteHat Sentinel, the
company's flagship product family, is the most accurate, complete and
cost-effective website vulnerability management solution available. It
delivers the visibility, flexibility, and control that organizations need to
prevent Web attacks. Furthermore, WhiteHat Sentinel enables automated
mitigation of website vulnerabilities via integration with Web application
firewalls. To learn more about WhiteHat Security, please visit our website at
www.whitehatsec.com.
Contact:
Dawn van Hoegaerden, WhiteHat Security, 408-343-8300, dawn@whitehatsec.com
Rachel Miller, SHIFT Communications, 617-779-1856, whitehat@shiftcomm.com
SOURCE WhiteHat Security
Dawn van Hoegaerden of WhiteHat Security, +1-408-343-8300,
dawn@whitehatsec.com, or Rachel Miller of SHIFT Communications for WhiteHat
Security, +1-617-779-1856, whitehat@shiftcomm.com