figures
Blog

Same Web-Based Vulnerabilities Still Prevalent After Nine Years

Admin Globaldots
27.07.2018
image 1 Min read

Analysis of vulnerabilities discovered by NCC Group researchers over the last nine years found that instances of common web-based vulnerabilities have largely refused to fall over during this time, with cross-site scripting (XSS) vulnerabilities appearing the most frequently.

The global cyber security and risk mitigation expert found that despite this type of vulnerability being understood across the industry for decades, XSS flaws, which enable attackers to inject malicious scripts into websites or victim browsers, still account for 18% of all bugs logged.

However, some classes of bugs have become almost non-existent, including format string flaws, in which submitted data is evaluated as a command by the application, as well as some memory-related flaws, and flaws that allow the exploitation of XML applications and services.

Overall, the team uncovered vulnerabilities in 53 different categories, and found that there was an increase in the number of bugs targeting complex applications and hardware. This included deserialization flaws – when untrusted data is used to abuse the logic of an application and inflict DDoS or remote code attacks – and the exploitation of multiple low-risk issues in a chain across a complex web application, resulting in full, unauthorised control.

Image Source

Read more: Help Net Security

Comments

0 comments

There’s more to see

slider item
Your Innovation Feed

eBook: Don’t Fortify, Amplify: The New Cloud Security Stack

Steven Puddephatt 25.11.21

2021’s Security leaders deal with everything from cloud-native insider threats to staying one step ahead of the unknown. While the cloud is made to amplify and speed up core business processes, the pressure to fortify cloud-borne assets from possible cyber threats painfully slows things down.  GlobalDots harnessed its 17-year cloud security experience to rethink cloud […]

Read more
slider item
Identity & Access Management (IAM)

How IT can Breeze through Onboardings without Additional Hirings

Dror Arie

Which IT Nuisance Would You Automate First? Employee onboarding is one of the heaviest, most complex operations on a company’s IT. This is especially true in fast-growing companies that may see multiple onboardings per day. And, of course, the wider a company’s software tools array, the more accounts to create and permissions to manage. In […]

Read more
slider item
Cloud Workload Protection

GlobalDots Partners with CWP Innovator Lacework

Li-Or Amir 23.11.21

In its constant endeavor to enrich its cloud security offering with the latest innovation, GlobalDots has recently introduced security unicorn Lacework to its vendor portfolio. Founded in 2015, Lacework offers a cloud security monitoring platform which brings together some of today’s top needs: Workload protection, container & K8s security, compliance monitoring. Last weekend (Nov. 18th, […]

Read more

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Contact us
figure figure figure figure figure