Web Browsers Improve on Security, Web Applications Unacceptably Vulnerable

Aggressive initiatives by the makers of popular Web browsers including Google, Microsoft, and Mozilla to improve the security of their Web browsers appear to be paying off.

According to the Q3-Q4 Web Application Security Trends Report released today by Web application security firm Cenzic, the big Web browser companies seem to be paying very close attention to security, with many proactively seeking vulnerabilities by offering rewards or “bounties,” and seem to be efficient at fixing vulnerabilities in a timely manner.

Cenzic’s report revealed that Google’s Chrome browser had the most vulnerabilities detected (89), likely due to the aggressive bounty program which offers cash to those who discover vulnerabilities. In the end, Google fixed 88 of these vulnerabilities quickly and efficiently.

Similarly, Mozilla Firefox had 65 vulnerabilities detected and fixed 61 in a timely manner. Apple’s Safari fixed 39 of 41. Microsoft fixed 26 of 32 for Internet Explorer, and Opera fixed 27 of 29 vulnerabilities discovered.

“To give credit where it’s due, all browser companies have done a great job in taking proactive steps toward better security,” said Mandeep Khera, chief marketing officer at Cenzic.

But despite the progress being made with security on the Web browser front, the report points out that Web application security seems to be seriously lacking.

The report reveals widespread Web application vulnerabilities, with 2,155 discovered — a third of which have both no known solution and an exploit code publicly available.

Cross Site Scripting (XSS) and SQL Injection dominated the list of published Web vulnerabilities in Commercial Off The Shelf (COTS) software, accounting for 54 percent of the total number of Web vulnerabilities in the second half of 2010.


“With all the publicity, education, and known attacks that have exploited XSS and SQL vulnerabilities, it is astounding that companies still haven’t plugged these threats,” said Khera. “Cybercriminals are well aware of these weaknesses, and worse still, with the amount of exploit codes publicly available, even a hacker with a modicum of talent has the ability to cause tremendous damage. With an average security breach costing companies millions of dollars, lack of precaution is a daily risk that must be taken seriously,” Khera added.

Cenzic’s reports are created by compiling data from a variety of sources including data from its own SaaS clients, Mitre, OWASP, SANS, Secunia, Security Tracker, Symantec, and US-CERT.

You can download a PDF version of Cenzic’s Q3-Q4 2010 Trend Report here.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
