A Tuesday report from Positive Technologies revealed startling statistics about the safety of personal information in different web applications—70% are vulnerable to critical data leaks
The study also found that hackers could access personal data in 44% of the web apps tested. This includes personalized data from apps in industries like finance, e-commerce, and telecom.
The report found that all of the applications tested contained vulnerabilities— some of higher severity than others.
SEE: Cybersecurity in 2018: A roundup of predictions (Tech Pro Research)
Positive Technologies found the following 10 most common vulnerabilities in its research:
- Cross-site scripting - 74%
- Fingerprinting - 61%
- Information leakage - 52%
- Brute force - 52%
- Cross-site request forgery - 39%
- SQL injection - 26%
- URL redirector abuse - 17%
- OS commanding - 9%
- XML external entities - 9%
- Path traversal - 9%
Some 48% of tested web applications were not protected from unauthorized access. Additionally, the ability to gain full control was available in 17% of tested applications.
So, why are all of these apps vulnerable to hackers? According to the report, 65% of the vulnerabilities are due to coding errors. An additional third of the errors were due to incorrectly configured web servers, the report said.
"Web application security is still poor and, despite increasing awareness of the risks, is still not being prioritized enough in the development process," Positive Technologies cybersecurity resilience lead, Leigh-Anne Galloway, said in the report. "Most of these issues could have been prevented entirely by implementing secure development practices, including code audits from the start and throughout."
The big takeaways for tech leaders:
- A new report from Positive Technologies claims that 44% of web apps allow hackers to access personal data.
- All web apps contain vulnerabilities, with cross-site scripting, fingerprinting, and information leakage being the most common.
- Special report: Cybersecurity in an IoT mobile world (free PDF) (TechRepublic)
- Cybersecurity: How to devise a winning strategy (ZDNet)
- Top 5: Ways to stay safe online (TechRepublic)
- How to get your staff to take cybersecurity seriously (CNET)
- Protect sensitive data with these five free encryption apps (TechRepublic)
Laurel Deppen is a student at Western Kentucky University.