Author: Mikhail Doroshevich
Experts at the Belsec company recently conducted a survey of the security level of websites in the .by domain. Belsec automatically scanned nodes and manually analyzed a random selection of 100 sites (taken from a "site:by" Google query).
42% of the analyzed websites were found to be vulnerable.
Cross-Site Scripting (XSS) accounts for 52% of all detected vulnerabilities. Information Leakage takes second place with 27%, followed by SQL Injection with 16% of detected vulnerabilities.
Other types of vulnerabilities (5%) include Predictable Resource Location, Command Execution, Brute Force, Insufficient Authentication, and Directory Indexing.
Thus critical vulnerabilities make up 21% of the total, while medium- and low-risk vulnerabilities account for 38% and 41% of the total respectively.
Belsec experts stress the lack of awareness of the economic effect of corporate website security.
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License