.net, internet, php, software development, web authoring

Cenzic web app report highlights security problems

May 15, 2008 onlyconnect

Will we ever get a secure Internet? There’s no cause for optimism in the latest Cenzic report into web app security. A few highlights:

7 out of 10 Web applications analyzed by Cenzic were found vulnerable to Cross-Site Scripting attacks
70% of Internet vulnerabilities are in web applications
FireFox has the most reported browser vulnerabilities at 40%; IE is 23%
Weak session management, SQL Injection, and poor authentication remain very common problems
33% of all reported vulnerabilities are caused by insecure PHP coding, compared to 1% caused by insecurities in PHP itself.

OK, it’s another report from a security company with an interest in hyping the figures; but I found this one more plausible than some.

The PHP remarks are interesting; it would be good to see equivalent figures for ASP.NET and Java.

Technorati tags: cenzic, security, cross-site scription, sql injection, php, asp.net

Tech Writing