Monday, March 24, 2008

CSRF Threat Grows Stronger

Via InfoWorld.com -

The latest research report from Web application security specialist WhiteHat finds that most sites are still woefully vulnerable to attack.

As in its previous research, WhiteHat estimates that some 90 percent of all sites are hackable, the same figure it has attached to several earlier reports.

The message? Things aren't getting much better out there!

Over the two years WhiteHat has been publishing the report, it has found that the volume and variety of Web site attacks have only continued to rise; this time around, Cross-Site Request Forgery (CSRF) is singled out by the experts as the next big thing.

According to the company, nine out of ten sites still have serious vulnerabilities with an average of seven vulnerabilities per site.

The leading forms of exploit WhiteHat observes on the Net haven't budged much in recent months either, with classic techniques including SQL injection, buffer overflows and cross-site scripting (XSS) leading the way. However, the company predicts that CSRF threats will soon begin to multiply.

Cross-Site Request Forgery (CSRF), as defined by OWASP, is an attack that forces an authenticated end user to execute unwanted actions on a Web application. The victim is lured into loading a page that fires a request at the target site, much as in a traditional phishing attack; but unlike XSS, no script has to be injected into the target site. The attack works because the browser attaches the victim's session cookie to any request bound for that site, so the forged request arrives carrying the victim's authority.

Using the technique, attackers try to misappropriate victims' identities and privileges: for example, changing the password on a victim's banking account in order to take it over, or placing fraudulent orders on an e-commerce site in the victim's name. In some cases the malicious request is planted on the vulnerable site itself (so-called stored CSRF), so no third-party page is needed at all.

CSRF attacks are also known by a number of other names, including XSRF, Sea Surf, Session Riding, Cross-Site Reference Forgery, and Hostile Linking.

WhiteHat researchers said that attackers using CSRF exploits can "easily" manipulate today's Web browsers into sending unintended HTTP requests, such as fraudulent wire transfers, password changes and downloads of illegal content.
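The mechanics described above, worked through in code. This is an added Python example, not code from the InfoWorld article or from WhiteHat's report: it models a password-change endpoint that trusts the session cookie alone, the cross-site request that abuses it, and the same endpoint hardened with a per-session synchronizer token. The hostnames (bank.example, evil.example), the endpoint path, the cookie value and the passwords are hypothetical, constructed for the example.

```python
"""CSRF in miniature: added example, not code from the article or from WhiteHat.

A password-change endpoint seen three ways: the vulnerable handler that trusts
the session cookie alone; the cross-site request that abuses it (the browser
attaches the victim's cookie to any request bound for the target site); and the
same handler hardened with a per-session synchronizer token. Hostnames, paths,
cookie values and passwords are constructed and hypothetical."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

TRUSTED_ORIGIN = "https://bank.example"   # hypothetical target site

# Server-side state (constructed sample data).
SESSIONS = {"sess-victim-123": "alice"}   # session cookie value -> user
PASSWORDS = {"alice": "correct horse"}
CSRF_TOKENS: Dict[str, str] = {}          # session cookie value -> token

def reset_state() -> None:
    PASSWORDS["alice"] = "correct horse"
    CSRF_TOKENS.clear()

@dataclass
class Request:
    """What the server receives: nothing says which site built the request
    except the Origin header, which is not always present."""
    method: str
    path: str
    cookies: Dict[str, str]
    form: Dict[str, str] = field(default_factory=dict)
    origin: Optional[str] = None

def vulnerable_change_password(req: Request) -> int:
    """Authenticates with the cookie alone, so any site the victim visits can
    change her password. Returns an HTTP-style status code."""
    user = SESSIONS.get(req.cookies.get("session", ""))
    if user is None or req.method != "POST":
        return 403
    PASSWORDS[user] = req.form["new_password"]
    return 200

def issue_token(session_cookie: str) -> str:
    """Called when bank.example renders its own form; the token goes into a
    hidden field that evil.example cannot read (same-origin policy)."""
    token = secrets.token_urlsafe(32)
    CSRF_TOKENS[session_cookie] = token
    return token

def hardened_change_password(req: Request) -> int:
    """Same endpoint plus two checks. The token is the real control; Origin is
    only checked when the browser sent one."""
    sid = req.cookies.get("session", "")
    user = SESSIONS.get(sid)
    if user is None or req.method != "POST":
        return 403
    if req.origin is not None and req.origin != TRUSTED_ORIGIN:
        return 403
    expected = CSRF_TOKENS.get(sid)
    supplied = req.form.get("csrf_token", "")
    # constant-time comparison, so the token cannot be guessed byte by byte
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    PASSWORDS[user] = req.form["new_password"]
    return 200

def forged_request(origin: Optional[str] = "https://evil.example") -> Request:
    """What an auto-submitting <form> on evil.example yields when alice, still
    logged in to bank.example, loads it: the browser adds her cookie."""
    return Request("POST", "/change_password", {"session": "sess-victim-123"},
                   {"new_password": "pwned"}, origin)

def legitimate_request(token: str) -> Request:
    """The request bank.example's own form submits, token included."""
    return Request("POST", "/change_password", {"session": "sess-victim-123"},
                   {"new_password": "new and improved", "csrf_token": token},
                   TRUSTED_ORIGIN)

def demo() -> Dict[str, object]:
    """Runs the scenarios and reports status codes and the resulting password."""
    out: Dict[str, object] = {}
    reset_state()
    out["vulnerable_forged"] = vulnerable_change_password(forged_request())
    out["password_after_vulnerable"] = PASSWORDS["alice"]
    reset_state()
    token = issue_token("sess-victim-123")
    out["hardened_forged"] = hardened_change_password(forged_request())
    # an old browser that sends no Origin header still fails the token check
    out["hardened_forged_no_origin"] = hardened_change_password(forged_request(None))
    out["password_after_forged"] = PASSWORDS["alice"]
    out["hardened_legit"] = hardened_change_password(legitimate_request(token))
    out["password_after_legit"] = PASSWORDS["alice"]
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats the token check does not cover. It is useless if the same site has an XSS flaw, since injected script can read the hidden field, which is one reason the two vulnerability classes travel together. And the endpoint must refuse state changes over GET (as both handlers above do), otherwise a plain image tag pointing at the URL is enough to fire the request.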

And based on its research, the company said that CSRF attacks will eventually move into the number two spot behind XSS exploits in terms of frequency among the leading site hacking techniques.
