2 out of 3 Web Applications Are Vulnerable, Says Netsparker

Application security company Netsparker said that a survey it conducted found that two out of every three web applications are vulnerable to the most dangerous attacks, SQL Injection and Cross-Site Scripting (XSS). This is the result of coding errors made by web application developers. A lack of developer skills is also a big reason behind it.

Netsparker selected a total of 396 web applications for testing in this survey. After testing, Netsparker's security experts found that 278 web applications were vulnerable to major attacks. Most of the web applications were vulnerable to SQL Injection and XSS attacks. This is 68% of the total web applications. The majority of websites were vulnerable to both Local File Inclusion and Remote File Inclusion.

SQLi is at number one in the OWASP Top 10 list. It was originally discovered and publicly discussed in 1998, so it is a very old attack. SQLi flaws are actually very easily fixable problems that have gone unnoticed and neglected by most web application developers. The rising number of SQL injection attacks is a major issue in the cyber world. An SQLi attack can be carried out manually or with the help of automated tools. Manual SQLi is very time-consuming: the attacker repeatedly intercepts data packets and sends a number of different Structured Query Language (SQL) payloads to exploit the SQLi vulnerabilities. This is why attackers mostly prefer automated tools to scan web applications and exploit SQLi flaws.

Cross Site Scripting?

Cross-site scripting (XSS) is a security exploit in which the attacker inserts malicious code into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded code is submitted as part of the client's web request and can execute on the user's computer, typically allowing the attacker to steal information. In short, cross-site scripting is the injection of client-side scripts into a website. These scripts can be HTML or JavaScript.

SQL Injection and Cross-Site Scripting were the two major vulnerabilities. The researchers also found many other vulnerabilities, including RFI, LFI, Open Redirection, Frame Injection, Remote Code Execution and Cross-Site Request Forgery.

How to protect Web Applications?

To keep web applications safe from all these flaws, developers have to learn the basic and advanced coding techniques that are a must for protecting web applications from XSS and SQL Injection. Even a small mistake can expose the whole business to a huge risk. IT companies should organize expert seminars to provide the latest security knowledge to their developers.

Source: SC Magazine