Web application vulnerabilities soar, Symantec warns

Security software company Symantec has warned that vulnerabilities in web application are continuing to pose serious threats,...

Security software company Symantec has warned that vulnerabilities in web application are continuing to pose serious threats, allowing hackers to access confidential information.

In its latest Internet Security Threat Report it found that nearly 48% of all vulnerabilities documented between 1 July and 31 December  2004 were web application vulnerabilities.

Symantec warned that web applications are popular targets because they are widely deployed and can allow attackers to circumvent traditional security measures such as firewalls. Web application vulnerabilities made up 48% of all vulnerabilities disclosed, up from 39% in the first half of 2004, according to the results from Symantec.

Symantec found that organisations received 13.6 attacks per day, up from 10.6 in the previous six months.

Significantly, for the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly referred to as the Slammer Attack) was the most targeted vulnerability, used by 22% of all attackers.

Symantec found 1,403 new vulnerabilities, a 13% increase over the previous six-month period.

The report also showed that the UK had the highest percentage of "bots", compromised PCs that launch attacks across the internet.

Known bot network computers declined from more than 30,000 per day in late July to an average of below 5,000 per day by the end of the year.

From its research Symantec believes that the use of bots and bot networks for financial gain will increase as will the use of embedded content in audio and video images to launch hidden attacks. It also expected malicious code targeting mobile devices to increase in number and severity.

The analysis was based on 20,000 sensors monitoring network activity in over 180 countries by Symantec DeepSight Threat Management System and Symantec Managed Security Services.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.