Financial services’ Websites are considerably less likely to have a major vulnerability than those of education institutions or insurance firms, but lag well behind the retail sector when it comes to the number of severe vulnerabilities found on the sites by an outside application security vendor.
WhiteHat Security, which performs weekly vulnerability checks on nearly 700 custom-built Websites and Web applications, found that 65 percent of the financial services Websites it tested had an urgent, critical or high severity vulnerability. In contrast, 88 percent of education institutions had similar vulns, as did 78 percent of insurance firms. Healthcare ranked dead even with financial services, but retail was the safest sector, with only 55 percent of its sites registering a severe vulnerability in their custom code.
The most common vulnerability remains cross-site scripting; 67 percent of sites surveyed had one of these. Next came information leakage at 41 percent and, way behind, content spoofing at 21 percent.
WhiteHat collected these stats based on sites it reviewed weekly from January 1, 2006 through July 31, 2008.