Report: 9 times out of 10, hackers can attack website visitors

Positive Technologies' "Web Application Vulnerabilities and Threats: Statistics for 2019" report found signs that companies are beginning to prioritize security but are still failing to do everything necessary to protect web applications and users.
Nine times out of 10, hackers are able to easily attack website visitors, and 82% of web application vulnerabilities lie in the source code.
One out of every five applications that Positive Technologies researchers tested had vulnerabilities that allowed cybercriminals to attack a user session.
"As a general recommendation, web applications should sanitize all user input that is subsequently displayed in a browser, including HTTP request header fields such as User-Agent and Referer. Potentially unsafe characters that can be used in HTML page formatting must be replaced with their non-formatting equivalents. We also recommend using modern web application firewalls, since they are able to block cross-site scripting," the Positive Technologies report noted.
"In a targeted attack against a company, web application vulnerabilities can help with gathering data about the company's internal network, such as the structure of the network segments, ports, and services. In many cases, hackers can even access internal network resources and the confidential data stored there," the report added.
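The report's recommendation to sanitize header fields such as User-Agent and Referer before displaying them can be illustrated with a short added example; it is not code from the report or from Positive Technologies. The function names and sample headers are constructed, and the example goes one step beyond the quoted advice by rendering the Referer as a link only for http(s) URLs, since character escaping alone does not neutralize a `javascript:` URL placed in an `href`.

```python
import html
from urllib.parse import urlsplit

# Constructed request headers; both values are fully client-controlled.
SAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 <script>alert(1)</script>",
    "Referer": 'javascript:alert(1)//"><img src=x onerror=alert(1)>',
}


def render_unsafe(headers):
    """'Before' form: header values are concatenated into markup as-is."""
    ua = headers.get("User-Agent", "")
    ref = headers.get("Referer", "")
    return f'<p>Browser: {ua}</p><p>From: <a href="{ref}">{ref}</a></p>'


def safe_link(url):
    """Return a link for http(s) URLs, otherwise plain escaped text."""
    text = html.escape(url, quote=True)  # escapes & < > " '
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL: treat as plain text
        scheme = ""
    if scheme in ("http", "https"):
        return f'<a href="{text}">{text}</a>'
    return text


def render_safe(headers):
    """Hardened form: every header value is encoded before output."""
    ua = html.escape(headers.get("User-Agent", ""), quote=True)
    ref = safe_link(headers.get("Referer", ""))
    return f"<p>Browser: {ua}</p><p>From: {ref}</p>"


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_HEADERS))
    print(render_safe(SAMPLE_HEADERS))
```
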