The vast majority of websites have a security vulnerability, according to data released Monday by WhiteHat Security, a security and audit provider specialising in web application security.
The latest instalment of the WhiteHat Website Security Statistics Report, which contains data collected from WhiteHat enterprise clients between January 1, 2006 and March 31, 2009, finds 82 percent of websites have had a high, critical or urgent issue over their lifetime. It also states 63 percent of websites currently have a high, critical or urgent issue, meaning they are unsecured today.
Social networking sites are responsible for the highest level of vulnerabilities, with around with 82 percent having an urgent, critical or high severity issue. Education sites and IT sites came in second and third, with 76 percent and 75 percent, respectively, having vulnerabilities, the report said. Retail, insurance, pharmaceutical, healthcare, and telecommunications sites also ranked high.
"One of the biggest takeaways from this report is that not all vulnerabilities are created equal, but many are very serious, leaving the door open to exploit sensitive information and cause some serious damage," said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security, in a statement on the findings.
WhiteHat said the top ten vulnerabilities remain largely unchanged from previous reports. Cross-site scripting tops the list. Business logic flaws occupied more than half of the top spots.