Full Research: 22% of websites worldwide have security vulnerabilities
Bkav Internet Security Corporation today releases an independent research which says 22% of global websites have vulnerabilities. According to Bkav, this is the reason for leaks of credit card details, business secrets and political information, etc. which are happening here and there on almost a daily basis.
Browsing through security pages every day, it's not difficult to come across articles of one company being under attacks, another organization's secrets being spilled. It is noteworthy that even big financial institutions like Visa, Nasdaq, Dow Jones, etc., of which the systems are thought to be highly secured, inevitably become victims. Or by the end of last August, Bradley Manning was sentenced 35 years in prison for transmitting hundreds of thousands of state secrets to WikiLeaks. How could this soldier access and leak such classified material to WikiLeaks? These incidents urged Bkav to carry out the research.
The approach to focus on website security holes was figured out due to the corporation's practical experiences, because almost all companies, organizations have their own websites, and the simplest way to breach into their information system is through website vulnerabilities. Bkav WebScan – a website security testing system – was used for this research.
The research was conducted on websites of companies and organizations in 25 countries of different areas in the world, from July 2013 to February 2014.
Below are the key findings of the research:
- 22% of websites worldwide have critical vulnerabilities. If a website is vulnerable, it normally has more than one vulnerability (the highest number is 407).
- The vulnerabilities include: Cross-site Scripting, Sensitive Path, Directory Listing, Blind SQL Injection and Application Error Message Security.
- The rates of vulnerable websites are different among areas in the world and corresponding to the development of science and technology or the level of IT application.
Mr. Nguyen Minh Duc, Vice President of Internet Security, Bkav Corporation, stated: "This result is clear evidence for the fact that the online world nowadays has become more threatening than ever before. In order to be safe, it requires a change in awareness from governments, organizations, or even in knowledge of website developers, coders."