Security Slideshow:
9 Ways Web Apps Woo Hackers

By Ericka Chickowski on 2010-03-05

Web security research gurus with the Santa Clara, Calif.-based Web application security firm Cenzic uncovered their findings at RSA from data collected during the second half of 2009. Though CIOs are constantly struggling to get their development teams spinning up new business-enabling Web applications as quickly as possible, leaders would do well to take a lesson from the disconcerting trends laid out in Cenzic's most recent report.

The vast majority of proprietary web applications developed in house contain some sort of vulnerability or another, as seen by scans of customer applications conducted through the company's managed services. The following nine types of vulnerabilities are the most common found through Cenzic's scans of customer Web apps.

	LATEST STORIES
	- Small DDoS Attacks Just as Damaging as Massi... - IBM, Samsung to Show Next-Gen Chip Tech at M... - VMware Issues vCloud Integration Manager - Apple iPad 3 Unveiling Set for March: Report - Certifications Key to Tech Contracting Jobs:...

BLOGS

Tim Moran: CIOs Go To Market

Tony Kontzer: Fed CIO Aims to Root Out IT Waste

Tony Kontzer: Imagine There are No CIOs

Tony Kontzer: Will the Cloud Solve Federal IT Security?

Tony Kontzer: Privacy, Security and the CIO

John Parkinson: When Good DR Goes Bad

Tony Kontzer: What's So Special About iCloud?

Tony Kontzer: Farewell Kundra, We Hardly Knew Ya

More blogs >>

Cross-Site Request Forgery

Frequency of Detection Within Scanned Applications: 14% Ratio of Occurrence Among Found Web App Vulnerabilities: 1%

Unauthorized Directory Access

Frequency of Detection Within Scanned Applications: 19% Ratio of Occurrence Among Found Web App Vulnerabilities: 1%

Insecure Resource Location

Frequency of Detection Within Scanned Applications: 24% Ratio of Occurrence Among Found Web App Vulnerabilities: 1%

SQL Injection

Frequency of Detection Within Scanned Applications: 32% Ratio of Occurrence Among Found Web App Vulnerabilities: 4%

Remote Code Execution

Frequency of Detection Within Scanned Applications: 32% Ratio

Authorization and Authentication

Frequency of Detection Within Scanned Applications:71% Ratio of Occurrence Among Found Web App Vulnerabilities: 8%

Session Management

Frequency of Detection Within Scanned Applications: 72% Ratio of Occurrence Among Found Web App Vulnerabilities: 9%

Cross-Site Scripting

Frequency of Detection Within Scanned Applications: 81% Ratio of Occurrence Among Found Web App Vulnerabilities: 20%

Information Leaks and Exposures

Frequency of Detection Within Scanned Applications: 93% Ratio of Occurrence Among Found Web App Vulnerabilities: 53%

Recent Slideshows

FEATURED SPONSORED VIDEOS

Security and Availability Essentials for Running Your Business in the Cloud

Cyber Security Trends and Challenges for 2012

IPv6 Integration and Migration

View More Videos

Brought to You By

FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

Brought to You By


		Get up and running in as quickly as 30 days with BI. Learn how today. FREE Securing Smartphones & Tablets for Dummies Book from Sophos 77% of the Fortune 500 Manage Content Securely with Box. Leverage your virtual computing environment with Dell. Build an IT Infrastructure That Delivers the Future 5 New Technologies That Will Change Enterprise IT

CIO Insight:	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
Quick Links:	Enterprise Mobility Zone \| Management Case Studies \| Loyalty Programs \| Term Sheet \| Strategy Maps \| Organizational Behavior \| Net Present Value Calculator \| Link to Us
	Security: Network Security Entprise Networking Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Green Computing Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos Magazine Subscriptions Enterprise Websites: ZDE Home eWeek Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices TechDirect iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 1.

Security Slideshow:9 Ways Web Apps Woo Hackers