10th Installment of WhiteHat Security Statistics Report Reveals First Ever Ranking of Security Weaknesses by Industry and Organization Size
Report Underscores Overall Need to Increase Remediation Speed and Quantity to Improve Software Development Lifecycle and Security Posture
SANTA CLARA, Calif., Sept. 22 /PRNewswire/ -- WhiteHat Security, the leading provider of website risk management solutions, today released the tenth installment of the WhiteHat Security Website Security Statistics Report, providing a first-time breakdown of the state of website security by industry and company size.
Compiled using data from more than 2,000 production websites across 350 organizations, WhiteHat provides the only industry research that focuses solely on unknown vulnerabilities in custom Web applications, while providing a real-world look at website security across a range of vertical markets. This latest issue shines a spotlight on the need for organizations to focus on improving responsiveness in remediating vulnerabilities in order to reduce risk and improve the effectiveness of the SDLC over time.
Until now, no metrics have been available for organizations to apply as a benchmark for evaluating themselves against their industry peers. WhiteHat's research findings give executives the insight they need to determine whether the resources that are invested in source code reviews, threat modeling, developer training and security tools are making a measurable impact in reducing their website security risk. Furthermore, the industry breakdown allows them to see how their efforts compare to their peers, and if any significant changes need to be made to strengthen website security. For example, the data shows that financial services organizations have learned that quick identification and remediation of SQL Injection vulnerabilities, which if exploited give attackers access to corporate databases, are imperative. And yet, that industry still struggles with overall remediation rates.
Based on WhiteHat's research, organization size does not significantly impact an industry's average number of serious vulnerabilities, the specific vulnerability classes that affect it, or time-to-fix metrics. However, there is a correlation regarding remediation rate, a key indicator of risk. Typically, the larger the organization, the fewer vulnerabilities are resolved (by percentage). The average website contained nearly 13 serious vulnerabilities, and large organizations (more than 2,500 employees) had the highest average number of serious vulnerabilities. In terms of industry, banking, insurance and healthcare were top performers, while IT, retail and education were at the bottom of the stack.
Knowing that websites are under constant siege and code security is imperfect, there are three important website security metrics that organizations must track:
- the number of serious and remotely exploitable vulnerabilities
- the time-to-fix once identified, and
- the remediation rate.
This knowledge enables organizations to combat breaches and attacks with increased visibility and the ability to respond quickly and effectively.
"When organizations look at their risk management, they are challenged by the question 'How secure is secure enough?'" said Jeremiah Grossman, founder and chief technology officer, WhiteHat Security. "Rather than relying on arbitrary best practices or check-box security, WhiteHat's statistics give organizations baseline metrics from which they can evaluate their own security posture compared to the risk profile of others in their industry."
WhiteHat's tenth report contains data collected between January 1, 2006 and August 25, 2010. Cross-Site Scripting (XSS) and Information Leakage remain by far the most prevalent, occurring in seven out of 10 websites. As predicted in past reports, Cross-Site Request Forgery (CSRF) has moved up to the fourth spot on the "Overall Top Vulnerability Classes" chart. Additionally, there is a newcomer: Brute Force. Only a year or two ago these issues were not considered dangerous or worth spending time on by most organizations. Today, malicious hacker activity has elevated awareness and organizations are demanding that these attacks be identified and reported on before exploitation occurs. These changes demonstrate the dynamic nature of website security and the need for ongoing website security programs that continuously evaluate risk.
The report statistics were gathered through the deployment of WhiteHat Sentinel, a Software-as-a-Service (SaaS)-based website vulnerability management solution, providing the most accurate and complete vulnerability assessments in the industry. WhiteHat Sentinel executes rigorous and ongoing website security assessments on more than 2,000 websites that help companies protect their brands, attain PCI Compliance and avoid costly and damaging breaches.
WhiteHat founder Jeremiah Grossman will host a webinar to reveal and analyze more of the report findings on Wednesday, September 22 at 11:00 am PT/2:00 pm ET. For more information, visit WhiteHat's site at www.whitehatsec.com and see the upcoming events section.
You can also register at: http://mktg.whitehatsec.com/forms/Webinar_stats092210
A full copy of the report is available at: http://mktg.whitehatsec.com/forms/GatedFormShort?doc=WPstats_fall10_10th
About WhiteHat Security
Headquartered in Santa Clara, California, WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company's flagship product family, is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the flexibility, simplicity and manageability that organizations need to take control of website security and prevent Web attacks. Furthermore, WhiteHat Sentinel enables automated mitigation of website vulnerabilities via integration with Web application firewalls and Snort-based intrusion prevention systems. To learn more about WhiteHat Security, please visit our website at www.whitehatsec.com.
SOURCE WhiteHat Security