WhiteHat Security Unveils Biggest Website Security Weaknesses in Latest Statistics Report

WhiteHat Security Unveils Biggest Website Security Weaknesses in Latest
Statistics Report
Report Finds Online Social Networks and Education Sites Continue to Have the
Most Risks




SANTA CLARA, Calif., Nov. 12 /PRNewswire/ -- WhiteHat Security, the leading
provider of website risk management solutions, today released the eighth
installment of the WhiteHat Security Website Security Statistics Report, a
high-level perspective on major website security issues that continue to
compromise corporate data across all industries.  WhiteHat's report, assembled
from real-world website security data, cites the Top 10 website
vulnerabilities and provides insight into the evolving challenges facing
organizations today. 

WhiteHat's Statistics Report provides an opportunity for businesses to
understand the most prevalent vulnerabilities so they can develop and
implement an effective website risk management program, reduce exposure and
improve their overall security posture.  WhiteHat created the report to
educate the business community and general public about the most prevalent
vulnerabilities that can lead to website compromises.

Unsurprisingly, only 36 percent of websites in the report currently do not
have any serious vulnerabilities.  From a historical perspective, this
percentage drops to 17.  Through its research, WhiteHat found that the
characteristics of websites currently without any serious issues were nearly
identical to those with them, with the exception that they had about half as
many from the start.  This proves to be significant in that no website can be
deemed immune -- all websites have an opportunity to be compromised.  These
odds are reduced when the business decides to proactively identify and
remediate their vulnerabilities. 

"It is extremely interesting to see that all the websites that are no longer
vulnerable are so similar characteristically in technology and site format to
those that have vulnerabilities," said Jeremiah Grossman, founder and chief
technology officer, WhiteHat Security.  "The big difference right now seems to
be that these organizations set an internal mandate to actively fix their
flaws and reduce the potential for damage to their website, reputation and
customers." 

Recent attacks on thousands of Web properties including Twitter, Facebook and
MySpace also validate WhiteHat's findings that these platforms have what
hackers are eager to steal -- user supplied data.  With 86 percent of these
sites hosting urgent, critical or high severity vulnerabilities, social
networks lead all verticals.  A close second, education websites are also
highly vulnerable, with 83 percent having at least one serious vulnerability. 
This is not surprising, as educational institutions have many public-facing
applications and often do not have significant resources dedicated to website
security.  

WhiteHat's latest report contains data collected between January 1, 2006 and
October 1, 2009, and finds that the percentage of high, critical or urgent
issues continue to slowly increase.  WhiteHat also finds that 83 percent of
websites have had a high, critical or urgent issue over their lifetime and 64
percent of websites currently have a high, critical or urgent issue.  Of the
22,000 vulnerabilities identified, almost 9,000 remain open, which means
encouragingly that the majority -- over 13,000 -- have been closed.  

As in previous reports, Cross-Site Scripting and SQL Injection continue to be
fixtures in the Top 10 list along with many other common classes of attack. 
The report also shows that fix percentages are climbing for some and
decreasing for others.  In particular, more organizations are repairing
technical issues such as SQL Injection and Cross-Site Scripting in larger
volumes, an indication that awareness is building regarding the prevalence of
easy exploitations of these specific vulnerabilities.  

The report statistics were gathered through the deployment of WhiteHat
Sentinel, a Software-as-a-Service (SaaS) based website risk management
solution, providing the most accurate vulnerability information in the
industry.  WhiteHat Sentinel executes rigorous and ongoing website security
assessments on more than 1,500 websites that helps companies protect their
brands, comply with PCI Compliance and avoid costly and damaging breaches.

WhiteHat founder Jeremiah Grossman will host a webinar to reveal and analyze
more of the report findings on Thursday, November 12, 2009 at 11:00 a.m. PT /
2:00 p.m. ET.  For more information, visit WhiteHat's site at
www.whitehatsec.com and see the upcoming events section.  You can also
register at https://whitehatsec.market2lead.com/go/whitehatsec/stats111209.


About WhiteHat Security
Headquartered in Santa Clara, California, WhiteHat Security is the leading
provider of website risk management solutions that protect critical data,
ensure compliance and narrow the window of risk.  WhiteHat Sentinel, the
company's flagship product family, is the most accurate, complete and
cost-effective website vulnerability management solution available.  It
delivers the flexibility, simplicity and manageability that organizations need
to take control of website security and prevent Web attacks.  Furthermore,
WhiteHat Sentinel enables automated mitigation of website vulnerabilities via
integration with Web application firewalls and Snort-based intrusion
prevention systems.  To learn more about WhiteHat Security, please visit our
website at www.whitehatsec.com.

    Contact:
    Dawn van Hoegaerden               Rachel Miller
    WhiteHat Security                 SHIFT Communications
    919-929-8525                      617-779-1856
    dawn@whitehatsec.com              whitehat@shiftcomm.com


SOURCE  WhiteHat Security

Dawn van Hoegaerden, WhiteHat Security, +1-919-929-8525, dawn@whitehatsec.com;
or Rachel Miller, SHIFT Communications, +1-617-779-1856,
whitehat@shiftcomm.com