Communications of the ACM
Same Web-Based Vulnerabilities Still Prevalent After Nine Years
A study by a U.K.-based cybersecurity firm found the threat of common Web-based vulnerabilities has not been significantly mitigated over the past nine years.
Credit: techworm.net
The threat of common Web-based vulnerabilities has not been significantly mitigated over the past nine years, according to a study by the U.K.-based NCC Group.
The cybersecurity firm cites cross-site scripting vulnerabilities as the most frequent bug encountered, comprising 18% of all bugs logged.
NCC Group's Matt Lewis says, "We should have seen a significant fall in these types of vulnerabilities, but this hasn't been the case, which highlights the need for better education around security within the software development life cycle."
The study found growing numbers of bugs targeting complex applications and hardware, including deserialization flaws and exploitation of multiple low-risk issues in a chain across a complex Web application.
However, NCC Group also says certain vulnerability classes have all but disappeared, including format string flaws, certain memory-related flaws, and bugs permitting exploitation of XML applications and services.
From Help Net Security
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA
No entries found