[Owasp-singapore] Report: 9 of 10 Sites Are Sitting Ducks

Wong Onn Chee ocwong at usa.net
Wed Mar 26 23:55:33 EDT 2008


The report cited the top vulnerability as XSS (Cross-Site Scripting), 
which appears in about 70 percent of Web sites. XSS occurs when a Web 
application gathers malicious data from a user, usually via a hyperlink 
that contains malicious content.

The next most reported vulnerability is information leakage, occurring 
in two out of five Web sites. Information leakage occurs when a Web site 
knowingly or unknowingly reveals sensitive information such as developer 
comments, user information, internal IP addresses, source code, software 
version numbers, error messages or error codes, the report explained.

Next is content spoofing, occurring in one in four Web sites. Content 
spoofing, which is often used in phishing scams, causes an Internet user 
to unwittingly access spoofed content through e-mail, chat rooms or 
bulletin boards.
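
A check for four of the information leakage categories listed above (developer comments, internal IP addresses, software version numbers, error messages), run over one HTTP response. This is an added example, not part of the original message or the report; the patterns, the function name find_leaks and the sample response are assumptions constructed for illustration.

```python
import ipaddress
import re

# Illustrative patterns chosen for this example; they are not taken from the report.
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)
COMMENT_HINT = re.compile(r"\b(todo|fixme|password|passwd|debug|hack)\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
VERSION = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")
ERROR_HINT = re.compile(r"Traceback \(most recent call last\)|Stack trace:|SQL syntax|Fatal error", re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_leaks(headers, body):
    """Return sorted (category, evidence) pairs for one HTTP response."""
    findings = set()
    for name in ("Server", "X-Powered-By"):          # banner headers that carry versions
        for product in VERSION.findall(headers.get(name, "")):
            findings.add(("software version", product))
    for comment in HTML_COMMENT.findall(body):        # only comments that look like dev notes
        if COMMENT_HINT.search(comment):
            findings.add(("developer comment", " ".join(comment.split())))
    for candidate in IPV4.findall(" ".join(headers.values()) + " " + body):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:                            # e.g. 999.1.1.1 is not an address
            continue
        if any(addr in net for net in RFC1918):       # public addresses are not reported
            findings.add(("internal IP address", candidate))
    for match in ERROR_HINT.finditer(body):
        findings.add(("error message", match.group(0)))
    return sorted(findings)

# Constructed sample response, not captured from any real site.
SAMPLE_HEADERS = {"Server": "Apache/2.2.8 (Unix) PHP/5.2.5", "Content-Type": "text/html"}
SAMPLE_BODY = """<html><!-- TODO: remove test login before launch -->
<!-- main navigation -->
<p>Fatal error: cannot connect to db at 10.0.3.17</p>
<p>Contact us at 203.0.113.9</p></html>"""

if __name__ == "__main__":
    for category, evidence in find_leaks(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{category}: {evidence}")
```
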
