SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
5 Sep 2014

PHP sites are easy prey for hackers

After determining the most common vulnerabilities, experts decided to test the effectiveness of methods for their detection.

Attacks on a corporate website not only disrupt its operation; they can also be the first step toward breaking into the networks of large corporations. According to Positive Technologies, the number of sites with critical vulnerabilities has increased significantly.

During the study, whose aim was to determine the level of information security in 2013, about 500 sites were tested and 61 were studied in more depth. Most of the tested sites belonged to banks, because attacks on the financial sector have become very common. Many news sites (the media) were also tested, because a number of them had been hacked and used for disinformation. Government, corporate and television websites were studied as well.

As it turned out, in 2013, 62% of the websites were highly vulnerable, while in 2012 the rate was significantly lower (45%). Media sites were most at risk of attack, with a rate of 80%. As for websites that serve bank customers, none of them fully complied with the requirements of the PCI DSS security standard.

Cross-Site Scripting was the most common vulnerability, found on 78% of sites. This flaw allows an attacker to influence the content of the page displayed to the user in order to obtain information about the victim. For example, attackers can replace the original login form with a fake one, thereby obtaining the user's data and sending it to their own server.

Brute Force came second at 69% (poor protection from password guessing), due to a missing or poorly implemented CAPTCHA mechanism. Two more dangerous vulnerabilities were in the top ten: SQL Injection (43%) and XML External Entities (20%).

The least safe were websites written in PHP: 76% of them had the highest level of exposure to attack. By comparison, sites on Java (70%) and ASP.NET (55%) are more secure. SQL Injection, one of the most dangerous vulnerabilities, was found on PHP sites, while on sites in other languages it was less widespread.

Experts tested the applications using black-box, gray-box and white-box methods. Black-box testing examines a system without obtaining any information about it from the owner; gray-box testing simulates an attacker who has some privileges in the system; white-box testing analyzes the system using all internal information about it, including the source code of its programs.

Black-box and gray-box testing showed that 60% of the sites had critical vulnerabilities, while white-box testing showed 75%.

According to data from the study, the white-box method makes it possible to find 10 times more vulnerabilities than other methods. If one has access to the source code of a web application, white-box testing will be effective. However, most owners use this method very rarely: only 13% of the sites were tested this way.

Tags:
hackers information leaks PHP
Source:
SafeUM