As cyber-attacks continue to rise, StopTheHacker, a startup software-as-a-service (SaaS) vendor focused on Web security and reputation protection, has added a vulnerability-patching service aimed at providing small and midsize businesses (SMBs) with the ability to detect existing vulnerabilities and eliminate them once they are identified.
“Many of our customers get re-infected after we detect and remove the malware from their Websites because the hacker will use the same vulnerability that they used to previously infect their Website,” Anirban Banerjee, co-founder of StopTheHacker, said in a statement. “Customers were asking us for a service to patch these vulnerabilities for them.”
“We are seeing that more than 80 percent of all Websites have vulnerabilities and that our customers neither have the time nor the expertise to do this for themselves, and their Web developers and our competitors in most cases are charging them five to 10 times this amount to do the same thing,” Banerjee added.
The StopTheHacker Website vulnerability-patching service costs $149 per fix. Typically, it takes about 48 to 60 hours to repair the vulnerabilities on the Website.
The challenge in protecting Websites from breaches will only continue to grow. According to a recent report from Web application security specialist WhiteHat Security, 86 percent of all Websites had one serious vulnerability, and the average number of serious vulnerabilities per Website was 56. The good news is that the average number of serious vulnerabilities per Website has decreased from 230 in 2010 to 79 in 2011 and 56 in 2012.
The report also finds that the IT industry experienced the highest number of vulnerabilities at 114 per Website. All industries experienced fewer vulnerabilities in 2012, compared with previous years, with the exception of the IT and energy sectors, according to the study.
“Website security is an ever-moving target, and organizations need to better understand how various parts of the SDLC [software development lifecycle] affect the introduction of vulnerabilities, which leaves the door open to breaches,” Jeremiah Grossman, co-founder and CTO of WhiteHat Security, said in a statement.
Case in point: StopTheHacker’s analytics finds that less than 5 percent of all Websites today are protected, and the number of infected Websites has increased by 70 percent since last year.
What were the biggest vulnerabilities in 2012? Information leakage and cross-site scripting, identified in 55 percent and 53 percent of Websites, respectively, according to the WhiteHat report. Other big vulnerabilities noted in the report include content spoofing, cross-site request forgery, brute force, fingerprinting, insufficient transport layer protection, session fixation, URL redirector abuse and insufficient authorization.
Although a Website’s content management system (CMS) and various plug-ins are secure from known vulnerabilities when patched, hackers are always looking for new ways to hack sites, making businesses vulnerable between updates and patching, said StopTheHacker. For further protection, the company recommends using an active and constant malware-detection service in addition to a vulnerability-patching service.