
Communications of the ACM

ACM TechNews

Same Web-Based Vulnerabilities Still Prevalent After Nine Years



A study by a U.K.-based cybersecurity firm found the threat of common Web-based vulnerabilities has not been significantly mitigated over the past nine years.

Credit: techworm.net

The threat of common Web-based vulnerabilities has not been significantly mitigated over the past nine years, according to a study by the U.K.-based NCC Group.

The cybersecurity firm cites cross-site scripting vulnerabilities as the most frequent bug encountered, comprising 18% of all bugs logged.

NCC Group's Matt Lewis says, "We should have seen a significant fall in these types of vulnerabilities, but this hasn't been the case, which highlights the need for better education around security within the software development life cycle."

The study found growing numbers of bugs targeting complex applications and hardware, including deserialization flaws and exploitation of multiple low-risk issues in a chain across a complex Web application.

However, NCC Group also says certain vulnerability classes have all but disappeared, including format string flaws, certain memory-related flaws, and bugs permitting exploitation of XML applications and services.

From Help Net Security

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


 
