Cross-site scripting and SQL injection remain the top methods of attack. Vulnerabilities in web applications remain the primary avenue of attack for cybercriminals, according to a WhiteHat Website Security Statistics Report released this week.
Organisations building custom web applications are particularly at risk, says the report, which measured data collected from January 2006 to October 2009, across more than 1,300 websites.

The problem is exacerbated because it is not possible to patch against custom web application software, such as that used by big e-commerce sites, Jeremiah Grossman, founder and CTO of WhiteHat, told And that, he said, includes the vast majority of sites.

The link for this article located at SC Magazine AU is no longer available.