Threaded Mode | Linear Mode

***mandy*** · 02-08-2007, 10:15 AM,

Quote:Half of all Websites are vulnerable to database attacks, according to security data collected from 27,000 ScanAlert customers for a recently published report. Forty-five percent of Websites had a serious database vulnerability such as SQL injection, while 50% had cross-site scripting (XSS) vulnerabilities (before we helped the sites correct the problems, of course).

Without question, it is a gloomy portrait of the security of software applications used by online merchants. When you apply these percentages to the millions of Websites that sell products and services online, the big picture gets very scary very quickly.

The scary stuff starts with SQL injection...

full article: http://multichannelmerchant.com/news/onl..._02062007/

***mandy*** · 02-28-2007, 10:33 AM,

A related article on the ScanAlert survey:

Quote:SQL Injection and Cross Site Scripting: Growing Threats
Half of all Web sites are likely vulnerable to database attacks, according to a new report that paints a bleak picture of the security of software applications used by online retailers. ScanAlert, an Internet security company, analyzed vulnerability scans of 27,000 Web sites to produce "The Ecommerce Applications Security Trends" report, which covers all types and sizes of online merchants.

Key findings show that 45 percent of Web sites studied had a serious database vulnerability, such as SQL Injection, while 50 percent of Web sites had cross site scripting vulnerabilities. Categorized as critical by security experts, SQL Injection is a class of software vulnerability that enables hackers to penetrate databases to steal confidential information needed for fraud and identity theft. Cross site scripting vulnerabilities, which allow hackers to conduct phishing attacks, are even more prevalent than database vulnerabilities...

full article: http://www.ecommerce-guide.com/solutions...hp/3662306