Know what Security Scanning of 396 Open Source Web application says: Infographic

Vulnerability scanning report, web application testing, security testing, vulnerability scanning, vulnerability scanner, web application vulnerability scanning

Admin

February 28, 2016

According to the latest reports of NetSparker , where they mentioned that since 2011 they had scanned 396 Open Source Web Applications with there automatic Web Application Vulnerability Scanner. In the vulnerability scanning they identified 269 issues and released 114 zero-day advisories. On this test conducted, only 30% of the open source web applications we scanned had some sort of direct impact vulnerability.

Top Most Vulnerabilities are:
Out of the 269 vulnerabilities the Netsparker web vulnerability scanners identified:
180 were Cross-site Scripting vulnerabilities. These include reflected, stored,DOM Based XSS and XSS via RFI.

55 were SQL Injection vulnerabilities. These also include the Boolean and Blind (Time Based) SQL Injections.

16 were File Inclusion vulnerabilities, including both remote and local file inclusions.

The rest of the vulnerability types are CSRF, Remote Command Execution, Command Injection, Open Redirection, HTTP Header Injection (web server software issue) and Frame injection.

Infographic about Report

Please include attribution to NetSparker | Cyber Kendra with this graphic.

Again XSS and SQLi are on top

Cross-site scripting vulnerabilities amount to 67% of all the identified vulnerabilities. SQL Injection vulnerabilities amount to 20% of the vulnerabilities. Together, these two vulnerability types amount to 87% of all the identified vulnerabilities.

Cross-site scripting and SQL Injection vulnerabilities have been included in the OWASP Top 10 since the project started, mainly because they are very easy to find and also very easy to exploit. And yet, even after years of raising awareness about these vulnerabilities, the majority of the web applications we use are vulnerable to these type of vulnerabilities.