Retail is the most vulnerable vertical of all, according to iViZ Security's 2012 website vulnerability statistics report. Banking, according to the same report, ranks highest in terms of security.
The report is based on the results of iViZ Security's cloud-based application security testing conducted on 5000+ applications.
Another interesting finding is that customer applications from the US and Europe had a lower vulnerability density than customer applications from APAC.
The report also found that the average number of vulnerabilities is close to 35 per application, and that 99% of the applications tested had at least one vulnerability.
The report also identified business logic vulnerabilities as the most overlooked class and the one with the highest business impact. Most organizations lack the expertise and the process to discover and eliminate business logic flaws such as:
- Weak password recovery
- Abuse of discount logic or coupons
- Denial of service through business logic
- Price manipulation
- OTP (one-time password) bypass
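Two of the flaws above, price manipulation and coupon abuse, come from the same root cause: the server trusts values the client controls. The following is an added illustration, not code from the iViZ report or from any tested application. It shows a deliberately vulnerable checkout beside a hardened one; the catalogue, coupon table, prices and SKUs are constructed for the example.

```python
"""Business logic flaws in a checkout: client-trusting vs. server-authoritative.

Constructed example (not from the iViZ report). Prices are in cents.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed catalogue and coupon table; a real shop keeps these in a database.
CATALOGUE = {"sku-100": 4999, "sku-200": 1500}
COUPONS = {"SAVE10": {"percent": 10, "max_uses": 1}}
MAX_QTY = 100


class OrderError(ValueError):
    """Raised when an order fails server-side validation."""


def checkout_vulnerable(cart: list[dict], coupons: list[str]) -> int:
    """Price manipulation and coupon abuse in one function.

    Every value comes from the client: the unit price is whatever the request
    says, quantity is never range-checked (a negative quantity becomes a
    refund), and the same coupon can be stacked any number of times.
    """
    total = 0
    for item in cart:
        total += item["price"] * item["quantity"]
    for code in coupons:
        coupon = COUPONS.get(code)
        if coupon:
            total -= total * coupon["percent"] // 100
    return total


@dataclass
class CouponLedger:
    """Per-user redemption counts; stands in for a database table."""

    used: dict[tuple[str, str], int] = field(default_factory=dict)


def checkout_hardened(
    user: str, cart: list[dict], coupons: list[str], ledger: CouponLedger
) -> int:
    """Same checkout with the business rules enforced on the server.

    - Unit price is looked up from the catalogue; a client-supplied price is ignored.
    - Quantity must be an integer in [1, MAX_QTY].
    - A coupon may appear once per order and at most max_uses times per user.
    - Redemptions are recorded only after the whole order validates, so a
      rejected order does not consume the coupon.
    """
    if not cart:
        raise OrderError("empty cart")

    total = 0
    for item in cart:
        sku = item.get("sku")
        if sku not in CATALOGUE:
            raise OrderError(f"unknown sku {sku!r}")
        qty = item.get("quantity")
        if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= MAX_QTY:
            raise OrderError(f"invalid quantity {qty!r} for {sku}")
        total += CATALOGUE[sku] * qty  # server price wins over item["price"]

    seen: set[str] = set()
    for code in coupons:
        if code in seen:
            raise OrderError(f"coupon {code} repeated in one order")
        seen.add(code)
        coupon = COUPONS.get(code)
        if coupon is None:
            raise OrderError(f"unknown coupon {code}")
        if ledger.used.get((user, code), 0) >= coupon["max_uses"]:
            raise OrderError(f"coupon {code} already redeemed by {user}")
        total -= total * coupon["percent"] // 100

    for code in coupons:  # commit redemptions only after full validation
        ledger.used[(user, code)] = ledger.used.get((user, code), 0) + 1
    return total


if __name__ == "__main__":
    # Constructed requests an attacker might send.
    tampered = [{"sku": "sku-100", "price": 1, "quantity": 1}]
    refund = [{"sku": "sku-100", "price": 4999, "quantity": -1}]
    print(checkout_vulnerable(tampered, []))            # 1: pays what the client said
    print(checkout_vulnerable(refund, []))              # -4999: negative total, i.e. a refund
    print(checkout_vulnerable([{"sku": "sku-100", "price": 4999, "quantity": 1}],
                              ["SAVE10", "SAVE10"]))    # 4050: coupon stacked twice
    ledger = CouponLedger()
    print(checkout_hardened("alice", tampered, ["SAVE10"], ledger))  # 4500: catalogue price
```

The hardened version is also where a tester would probe the other listed flaws: the same "validate everything, then commit" shape is what keeps a rejected OTP or a failed password-recovery step from advancing the flow.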
The study was conducted on the vulnerability data of web applications tested by iViZ Security in 2012. In total, more than 5000 application vulnerabilities from 300+ customers were included in the sample. The sample comprised 25% applications from Asia, 25% from Europe and 40% from the USA.
Other interesting facts include:
- 82% of the web applications had at least one High/Critical vulnerability
- 90% of hacking incidents were not publicly reported
- Low correlation between security and compliance (correlation coefficient: 0.2). This again shows that compliance and security are not synonymous.
- 30% of the hacked organizations knew about the vulnerability they were hacked through beforehand
- #1 vulnerability: cross-site scripting (61%). The graph and the distribution of the other vulnerability classes are given in the report.
- Business logic flaws were the most neglected vulnerabilities