Report: 9 times out of 10, hackers can attack website visitors (Security News, February 2020)
Positive Technologies' "Web Application Vulnerabilities and Threats: Statistics for 2019" report found signs that companies are beginning to prioritize security but are still failing to do everything necessary to protect web applications and users.
Nine times out of 10, hackers are able to easily attack website visitors, and 82% of web application vulnerabilities lie in the source code.
One out of every five applications that Positive Technologies researchers tested had vulnerabilities that allowed cybercriminals to attack a user session.
"As a general recommendation, web applications should sanitize all user input that is subsequently displayed in a browser, including HTTP request header fields such as User-Agent and Referer. Potentially unsafe characters that can be used in HTML page formatting must be replaced with their non-formatting equivalents. We also recommend using modern web application firewalls, since they are able to block cross-site scripting," the Positive Technologies report noted.
"In a targeted attack against a company, web application vulnerabilities can help with gathering data about the company's internal network, such as the structure of the network segments, ports, and services. In many cases, hackers can even access internal network resources and the confidential data stored there," the report added.
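As an added illustration of the report's recommendation on user input (not code from the report or from Positive Technologies), this Python sketch HTML-encodes the User-Agent and Referer header values before they are placed in a page. The function names, the 256-character cap, and the http/https allowlist for Referer links are assumptions of this example.

```python
import html
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https"}  # assumption: only these may become clickable links


def esc(value, limit=256):
    """Encode an untrusted string for HTML element content or a quoted attribute."""
    # Drop control characters (CR, LF, NUL, ...) and cap the length first.
    cleaned = "".join(ch for ch in value if ch.isprintable())[:limit]
    # Replace & < > " ' with their non-formatting entity equivalents.
    return html.escape(cleaned, quote=True)


def referer_cell(referer):
    """Render Referer as a link only for http(s); anything else stays inert text."""
    try:
        scheme = urlsplit(referer.strip()).scheme.lower()
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        scheme = ""
    text = esc(referer)
    if scheme in SAFE_SCHEMES:
        # Encoding alone does not neutralise non-http schemes in href,
        # which is why the scheme check comes before building the link.
        return f'<a href="{text}" rel="noreferrer noopener">{text}</a>'
    return text


def render_visit_row(headers):
    """Build one row of a hypothetical 'recent visitors' admin table."""
    ua = headers.get("User-Agent", "")
    ref = headers.get("Referer", "")
    return f"<tr><td>{esc(ua)}</td><td>{referer_cell(ref)}</td></tr>"


# Constructed sample request headers carrying HTML formatting characters.
SAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 <script>demo()</script>",
    "Referer": 'https://example.test/?q="><b>',
}

if __name__ == "__main__":
    print(render_visit_row(SAMPLE_HEADERS))
```

The markup characters in both headers come out as entities, so the browser displays them as text instead of interpreting them.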