WebCohort’s Application Defense Center Reports Results of Vulnerability Testing on Web Applications

FOSTER CITY, CA – February 2, 2004 – WebCohort, Inc., the leader in web application security, today announced the results of four years of penetration testing on more than 250 web applications including e-commerce, online banking, enterprise collaboration, and supply chain management sites.

The vulnerability assessments conducted by WebCohort’s Application Defense Center (ADC) concluded that at least 92% of web applications are vulnerable to some form of hacker attack. The most common vulnerabilities were cross-site scripting (80%), SQL injection (62%) and parameter tampering (60%). While these types of hacking attacks are common, most enterprises have not adequately secured web sites, applications and servers against them. Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shut down websites and servers, defraud businesses, and introduce serious legal liability without being stopped or, in many cases, even detected.

“More robust network security has driven hackers to view web applications as easier targets. Four years of our Application Defense Center’s experience have proven this is an accurate assessment,” said Shlomo Kramer, CEO of WebCohort. “We are only beginning to see the risks to businesses and consumers these vulnerabilities introduce.”

In 2001, Gartner Group reported that 75% of cyber attacks and Internet security violations are generated through Internet Applications. Years later, web applications have yet to be secured.

The Federal Trade Commission announced in January that Internet-related fraud was the reason for more than 500,000 consumer complaints filed in 2003, with estimated consumer losses of $200 million in the U.S. alone. The total cost of Internet fraud is compounded by business losses, legislative, regulatory and law enforcement costs, and diminished consumer trust in the Internet throughout the world. Unsecured web applications leave the back door wide open to Internet fraud and other forms of hacking attacks.

The results of the WebCohort Application Defense Center’s penetration testing from January 2000 to January 2004 are:

Most Common Application Layer Vulnerabilities

Attack                  Percent vulnerable
Cross-site scripting    80%
SQL injection           62%
Parameter tampering     60%
Cookie poisoning        37%
Database server         33%
Web Server              23%
Buffer overflow         19%

Source: Penetration tests by WebCohort’s Application Defense Center on nearly 300 corporate, government and other client sites conducted over the past four years.

Definitions and descriptions of the attacks listed above are available on the glossary page.

About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net