WhiteHat Security Details Security Risks of Popular Web Application Programming Languages in Latest Statistics Report
Research Shows There is More to Building Secure Code Than Selecting Programming Frameworks; No Stand-out Languages Regarding Vulnerabilities
SANTA CLARA, Calif., May 6 /PRNewswire/ -- WhiteHat Security, the leading provider of website risk management solutions, today released the ninth installment of the WhiteHat Security Website Security Statistics Report, offering a one-of-a-kind perspective on the state of website security. Compiled using data from nearly 1,700 production websites, WhiteHat's report is the only one in the industry focusing solely on unknown vulnerabilities in custom Web applications and unique code within real-world websites.
WhiteHat's latest iteration of the report took a new twist, examining the security of specific programming languages. Until now, no other website security study has provided detailed research on how programming languages perform in the field, though it is crucial to understand since security must be prioritized as part of the software development lifecycle to be most effective. The nearly 1,700 business-critical websites under WhiteHat Sentinel management were evaluated to provide organizations with insight into the relative security of the development frameworks they deploy, and the associated vulnerabilities that put them at risk.
From this empirical research, programming languages do not display identical security postures in the field, yet at the same time, they tend to be more alike than different with regard to vulnerabilities. The types of vulnerabilities, their frequency of occurrence and remediation times differed among frameworks, albeit more moderately than would have been anticipated. Perl had the highest average number of historical vulnerabilities found at 45 percent, followed by Cold Fusion at 34 percent. Additionally, Perl, Cold Fusion, JSP and PHP were most likely to contain at least one serious vulnerability at approximately 80 percent of the time. Among the lowest historical vulnerability averages were ASPX (Microsoft's .NET) and DO (Struts Java) with 19 percent and 20 percent, respectively.
"Web application security truly is a moving target with constant changes in attack methods and techniques," said Jeremiah Grossman, founder and chief technology officer, WhiteHat Security. "While it's pertinent to keep a close eye on the top 10 vulnerabilities putting websites at risk, this time we wanted to focus on the programming languages since that's where it all begins. If organizations have a better idea of how the languages they use fare in the field, they can be more vigilant during the development lifecycle and hopefully avoid bigger problems later."
WhiteHat's latest report contains data collected between January 1, 2006 and March 25, 2010, and finds that the percentage of high, critical or urgent issues continues to slowly increase. At the same time, the report notes that vulnerability remediation rates are climbing as well, particularly in the Urgent and Critical categories, with an average rate of roughly 70 percent. Still, with up to 30 percent of vulnerabilities remaining open for an average of nearly three months, many websites remain in an uncomfortable risk position.
Cross-Site Scripting (XSS) maintains its position in the Top 10 list along with many other common classes of attack. Interestingly, Cross-Site Request Forgery (CSRF) did not make the Top 10 list for languages such as Perl and PHP, but Directory Indexing did. The diversity of vulnerability issues across languages can be attributed to the fact that one website can possess hundreds of unique issues from a specific class such as XSS and Content Spoofing, while other sites may not contain any.
The report statistics were gathered through the deployment of WhiteHat Sentinel, a Software-as-a-Service (SaaS)-based website vulnerability management solution, providing the most accurate and complete vulnerability assessments in the industry. WhiteHat Sentinel executes rigorous and ongoing website security assessments on more than 1,700 websites that help companies protect their brands, attain PCI Compliance and avoid costly and damaging breaches.
WhiteHat founder Jeremiah Grossman will host a webinar to reveal and analyze more of the report findings on May 6, 2010 at 11:00 AM PT/2:00 PM ET. For more information, visit WhiteHat's site at www.whitehatsec.com and see the upcoming events section.
You can also register at: https://whitehatsec.market2lead.com/go/whitehatsec/stats050610
A full copy of the report is available at: https://whitehatsec.market2lead.com/go/whitehatsec/WPstatsspring10
About WhiteHat Security
Headquartered in Santa Clara, California, WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company's flagship product family, is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the flexibility, simplicity and manageability that organizations need to take control of website security and prevent Web attacks. Furthermore, WhiteHat Sentinel enables automated mitigation of website vulnerabilities via integration with Web application firewalls and Snort-based intrusion prevention systems. To learn more about WhiteHat Security, please visit our website at www.whitehatsec.com.
SOURCE WhiteHat Security