
Your organization's most-used software may also be the most vulnerable, according to Cenzic Inc.'s Q1 2008 Application Security Trends Report. Cenzic, the leading provider of application security vulnerability assessment and risk management solutions, released the report revealing the Top 10 vulnerabilities companies faced in the beginning of 2008.
Vulnerabilities found were from many well-known commercial application sources such as SAP, Adobe, Java, Apache, Microsoft, Asterisk and IBM Rational.
"We are seeing many patterns over time, and our results remain consistent with the Symantec Internet Security Threat Report for the second half of 2007 -- that organizations are still not taking the proper initiatives to secure their Web applications," said Mandeep Khera, vice president of marketing at Cenzic.
"With organizations required to become compliant with PCI requirement 6.6 by June 30, they need to act aggressively. Many of these vulnerabilities are being discovered in the most commonly-used commercial applications.
However, most proprietary applications have even more vulnerabilities that are never fixed. PCI compliance is important; however, it's even more important to protect customer information by getting security vulnerabilities fixed in applications. Cenzic can not only help organizations become compliant, but can also discover, assess and remediate Web application vulnerabilities from the start."
Cenzic is also certified as a PCI Approved Scanning Vendor and exceeded the PCI 6.6 requirements pertaining to Web application security.
Cenzic Application Security Trends Report Q1 2008
The Cenzic Application Security Trends Report emphasizes the Top 10 Web application vulnerabilities from published reports in Q1 2008, illustrating trends among thousands of corporations, financial institutions and government agencies.
In the report, Cenzic identified 1,409 unique published vulnerabilities for the first quarter of 2008, with Web technology vulnerabilities comprising 70 percent of the vulnerability volume and 65 percent of the total vulnerabilities classified as easily exploitable.
As part of the study, Cenzic incorporated findings from Cenzic ClickToSecure, its leading-edge managed security assessment and penetration testing service (SaaS), and research from Cenzic Intelligent Analysis (CIA) Labs. Some of the key findings include:
- Seven of 10 analyzed Web applications engaged in insecure communication practices that could potentially lead to the exposure of sensitive or confidential user information during transactions.
- Cross-Site Scripting continues to be the most common injection flaw type, affecting seven out of 10 Web applications.
- Approximately two out of 10 Web applications were found to be vulnerable to types of SQL injection attacks that could result in a direct compromise of the application's back-end user by an attacker.
- Information leaks and exposures, Cross-Site Scripting and session management were among the most prevalent vulnerabilities.
To download a PDF version of the Q1 Trend Report, please visit www.cenzic.com/pdfs/Cenzic_AppSecTrends_Q1_2008.pdf.
About Cenzic
Cenzic is the next-generation Web application security assessment and risk management solutions leader. The Cenzic suite of application security solutions fits the need of any company, from remote Software as a Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise.