Context Information Security today published a report whose findings should give web application developers cause for concern. Over two years, Context's security consultants tested web applications, compared the results and analysed the state of web application security, and they found that the vulnerabilities are far from being addressed. In fact, the situation in 2011 was worse than in the previous year.
Michael Jordon, research and development manager at Context, pointed out that “while the number of vulnerabilities identified in applications from 2010 and 2011 has not increased greatly, it does indicate that developers are continuing to make the same mistakes and are still not addressing web app security sufficiently.”
According to the Context study, the most vulnerable web applications are those built for government. The financial sector was presented as having the safest web apps in 2010, but last year the risk level grew in this sector as well. The finance, law and insurance sectors have also been found to be among the most vulnerable.
Context's security experts warn developers that the biggest vulnerability categories found in web applications, in both 2010 and 2011, were server misconfiguration and information leakage. In third place in 2011 were authentication issues, a risk that grew significantly compared with the previous year. “While some of the vulnerability categories such as server configuration and information leakage saw bigger rises, more serious cross-site scripting and SQL injections present the biggest and potentially most damaging threats to web applications,” explained Michael Jordon.