WhiteHat Security is to offer its own Web site vulnerability
report.
The report, titled the "Web Application Security Risk Report,"
will focus on e-commerce, financial services, health care and
high-tech sites. It will offer a high-level view of vulnerabilities
affecting enterprise Web sites and explains the likelihood of
vulnerabilities existing on those sites.
WhiteHat is creating the report in response to hackers'
increased attacks on Web applications. WhiteHat research reveals
that eight out of 10 Web sites have serious flaws, including
cross-site scripting and
SQL injection, making them susceptible to malicious attack.
Common business logic flaws, such as insufficient authorisation,
that are often undetected but can lead to customer account
compromise, top the list as well.
The company is able to create this report thanks in part to the
hundreds of Web sites it assesses each moth using its Sentinel
service. By sharing its findings, companies will gain a clearer
picture of the security issues affecting their Web sites today,
WhiteHat said. This data will also help companies realise the
possible business impact of these attacks and how to prevent them
from occurring.
WhiteHat Security uses the
Web Application Security Consortium (WASC) threat
Classification of 24 Web application vulnerability classes as a
baseline for classifying vulnerabilities. This standard ensures
comprehensive coverage of the known types of Web application
vulnerabilities. Unlike other methods of common vulnerability
assessments in commercial and open source software, the WhiteHat
data is compiled and aggregated into a database of previously
unknown vulnerabilities in custom Web applications.
"We are excited to be able to offer this insight into the
growing issue of Web application security," said
Jeremiah Grossman, founder and Chief Technology Officer of
WhiteHat Security, in an announcement. "We expect these quarterly
reports to shed light on prevalent vulnerabilities and help
enterprises combat them efficiently. Through this type of industry
awareness we expect to see a decrease in the number and severity of
vulnerabilities across the board, especially among businesses which
take a proactive approach to protecting their Websites."
WhiteHat's Web Application Security Risk Report will be
published quarterly beginning in January 2007.