Threat Trends: Software Vulnerabilities
Thursday, 17 July 2008

Web Application Vulnerabilities


As Web applications have increased in volume, they have increasingly become targets of attack. As Figure 2 shows, the majority of vulnerabilities are found in Web applications rather than in software hosted internally by the enterprise.


Figure 2. Application Vulnerability Trends for 2005 Through 2007 Inclusive


Source: Info-Tech Research Group, derived from data published by Symantec



The percentage of vulnerabilities, such as Cross Site Scripting and SQL injection, found in Web applications versus other applications and operating systems has been essentially unchanged over the last three years. However, at nearly 60% of all vulnerabilities, the threat is significant. By exploiting these problems, cyber criminals can create attacks that reach a broader range of targets, because the attack is platform independent: whether the target reaches the vulnerable application via a Windows, Linux or Mac OS machine is irrelevant. As the world becomes more "on-line," the bad guys will work harder to discover and exploit Web app vulnerabilities.


Finding a Secure Browser


Though the numbers are small, the count of vulnerabilities in Web browsers is on the increase, adding to the concern around on-line threats. As Figure 3 shows, this is an issue that is not restricted solely to Microsoft Internet Explorer (IE) as might be thought.


Figure 3. Browser Vulnerability Trends for 2005 through 2007 Inclusive


Source: Info-Tech Research Group, derived from data published by Symantec



Over the three years in question, Mozilla-based browsers (such as Firefox) have had the highest number of vulnerabilities as often as IE. Further, the count of vulnerabilities in IE has declined since the latter half of 2006 while Mozilla vulnerabilities peaked at the end of last year and at a number far higher than IE ever reached. Neither browser can claim to be overly secure at this point, but if these trends continue, Microsoft may be the more secure choice. As a final note, Apple's Safari browser, which has traditionally had very low levels of vulnerabilities, experienced a sharp increase in problems in 2007 and ended the year with a greater number of discovered vulnerabilities than IE.

