Most Websites Vulnerable To Attack, WhiteHat Study Says

Average site is exposed about 270 days of the year, according to report

The average website has serious vulnerabilities more than nine months of the year, according to a new report issued yesterday.
According to a
study
issued by researchers at WhiteHat Security, the average site is exposed about 270 days of the year. Information Leakage has replaced cross-site scripting (XSS) as the most common website vulnerability, the report says.
The report examined data from more than 3,000 websites across 400 organizations that are continually tested for vulnerabilities by WhiteHat Securitys Sentinel service. The study offers a look at sites Window of Exposure, which measures not only the vulnerabilities found in sites, but the length of time it takes those vulnerabilities to be remediated.
Its inevitable that websites will contain some faulty code -- especially in sites that are continually updated. Window of Exposure is a useful combination of the vulnerability prevalence, the time it takes to fix vulnerabilities, and the percentage of them that are remediated, said Jeremiah Grossman, founder and CTO of WhiteHat Security. Specifically for CIOs and security professionals, measuring window of exposure offers a look at the duration of risk their business and user data is exposed to by not having sufficient remediation processes in place.
The average website falls into the always and frequently vulnerable categories -- meaning they were exposed more than 270 days of the year, the report says.
Heavily regulated industries like healthcare and banking have the lowest rates, yet 14 and 16 percent, respectively, of the sites in those industries had serious vulnerabilities throughout the year. Social networking and retail have two of the largest windows of exposure, potentially reflecting the rate at which they update sites and introduce new code. The education industry has the dubious honor of leading the category -- 78 percent of sites in those industries were vulnerable at least nine months of the year.
During 2010, 64 percent of websites had at least one Information Leakage vulnerability, overtaking CSS as the most prevalent vulnerability by a few tenths of a percent. Information Leakage describes a vulnerability in which a website reveals sensitive data, such as technical details of the Web application, environment, or user-specific data.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Most Websites Vulnerable To Attack, WhiteHat Study Says