Report: 9 of 10 Sites Are Sitting Ducks

Some 70 percent of sites suffer from XSS vulnerabilities, while two out of five are leaking sensitive data.

Nine out of 10 public Web sites are vulnerable to attack, according to a new report from White Hat Security, a Web site security services vendor in Santa Clara, Calif.

According to the report, released on March 24, nine out of 10 Web sites have serious vulnerabilities, with an average of seven vulnerabilities per Web site. These issues leave Web sites vulnerable to attack, which can result in loss of business, system outages, incident handling costs, brand damage, legal liability, regulatory sanctions and fines.

The report cited the top vulnerability as XSS (Cross-Site Scripting), which appears in about 70 percent of Web sites. XSS occurs when a Web application gathers malicious data from a user, usually via a hyperlink that contains malicious content.

Read the full story at