August 25, 2008
Cenzic Q2 Trend Report Reveals Attacks on Web Sites Continue As Cyberwarfare Moves Mainstream
Cenzic Inc., the leading provider of application security vulnerability assessment and risk management solutions, today released its report revealing the most prominent types of vulnerabilities for the second quarter of 2008. In the wake of sophisticated threats, such as the recent attacks on the Republic of Georgia's government Web sites, it is apparent that cyberterrorism and cyberwarfare are now a relevant threat to homeland security.
"The United States is one of the most Internet-reliant countries in the world -- everything from banking to media to government materials are housed online," said Mandeep Khera, chief marketing officer at Cenzic. "Although the source of the attacks on Georgia can't be confirmed, it is evident that we have entered an age where any individual or organization, including governments, can easily organize and execute cyberwarfare campaigns. At the forefront of this threat is the issue of Web application security which has become the weakest link against hackers."
As the recent Cenzic Application Security Trends Report for Q2 2008 depicts, United States organizations are still not fully prepared, as less than five percent of 100 million Web applications in the U.S. are being tested for security vulnerabilities. While the reported vulnerabilities have decreased slightly from Q1 2008, the percentage of Web vulnerabilities has risen.
This report surfaces approximately a week after the attacks on the Beijing Olympics, various retailers and the Republic of Georgia's government Web sites, and presents a disturbing correlation between today's Web vulnerabilities and their effect on homeland security. Synchronized attacks in the Russia-Georgia conflict are the sign of a disturbing trend that is becoming more mainstream, and evidence that cyber attacks are rapidly gaining acceptance as another weapon in war.
Cenzic Application Security Trends Report Q2 2008
The Cenzic Application Security Trends Report emphasizes the Top 10 Web application vulnerabilities from published reports in Q2 2008, illustrating trends among thousands of corporations, financial institutions and government agencies. In the report, Cenzic identified 1,200 unique published vulnerabilities for the second quarter of 2008, with Web technology vulnerabilities comprising 73 percent of the vulnerability volume and SQL injection accounting for an alarming 34 percent of the total Web vulnerabilities.
As part of the study, Cenzic incorporated findings from Cenzic ClickToSecure, its leading-edge managed security assessment and penetration testing service (SaaS), and research from Cenzic Intelligent Analysis (CIA) Labs. Some key findings include:
-Seven of 10 analyzed Web applications engaged in insecure communication practices that could potentially lead to the exposure of sensitive or confidential user information during transactions.
-Cross-Site Scripting continues to be the most common injection flaw, affecting seven out of 10 Web applications.
-Approximately two out of 10 Web applications were found to be vulnerable to types of SQL injection attacks that could result in a direct compromise of the application's back-end database by an attacker or reveal sensitive information useful to an attacker.
-Information leaks and exposures, Cross-Site Scripting and Authorization and Authentication were among the most prevalent vulnerabilities.
To download a PDF version of the Q2 Trend Report, please visit www.cenzic.com. In addition, for a fast and easy way to prioritize and remediate your vulnerabilities before hackers exploit them, sign up for an assessment of your Web applications from Cenzic. To learn more about Web application security issues, watch this Gartner video: https://www.cenzic.com/landing/GartnerVideo/.
Cenzic is the next-generation Web application security assessment and risk management solutions leader. The Cenzic suite of application security solutions fits the need of any company from remote, Software as a Service (ClickToSecure(R)), for testing one or many applications, to a full enterprise-wide solution (Cenzic Hailstorm(R) Enterprise ARC) for effectively managing application security risks across an enterprise. Always an innovator, Cenzic has integrated Hailstorm with VMware to enable testing of production Web applications through virtualization -- making Cenzic the only company in the industry with a complete solution for assessing Web applications in all stages from development to production. In addition, Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.
Contact: Tami Casey Kulesa Public Relations for Cenzic Inc. 650-340-1984