(EMAILWIRE.COM, May 13, 2013 ) San Francisco, CA -- The latest study findings published from WhiteHat Security's annual study noted that over 15,000 websites survey had at least one glaring exploitable area of their website and security. Of all the problems, content spoofing was among the most vulnerable, and was identified on
half of the sites, according to the security group.
Content spoofing is a way to get a website to display content from the attacker, says Jeremiah Grossman, CTO at WhiteHat, an IT security vendor. According to Grossman, an individual may steal customer information or attempt to embarrass the website owner with said information. Regardless of the intent, the content spoof is used as a defacement, but on a site parallel to, but not directly on, the website, says Grossman.
The Open Web Application Security Project, stated that the content spoofing and its general attacks is often made possible due to injection of web application vulnerability. WhiteHat stated that this is often due to users not utilizing the supplementation of data to such applications.
Such attacks stemming from spoofing can supply information to a web application that is then returned to a user. That user is then shown a modified page that tricks them in to believing it is the trusted domain. Cross-site scripting attacks are a similar intent that also uses the technique
for more directly malicious purposes.
According to the WhiteHat Website Security Statistics Report, the top 15 most prevalent vulnerabilities is cross-site scripting, leaks in content, the spoofing of content, request forgery, brute force attacks, lack of proper transport layer protection, lack of sufficient authorization, redirector abuse of the URL, SQL injection attacks, sessions being compromised, HTTPR Splitting, fingerprinting indexing of the directory, functionality abuse, and predictable resource location.
About PowerHoster.com
Powerhoster (http://www.powerhoster.com) provides high-quality and secure website hosting for your business or project. Find out how Power Hoster services can assist you in domain register today.
Customer Service
4156676545
news@postpressrelease.com
Source: EmailWire.ComImage may be NSFW.
Clik here to view.
half of the sites, according to the security group.
Content spoofing is a way to get a website to display content from the attacker, says Jeremiah Grossman, CTO at WhiteHat, an IT security vendor. According to Grossman, an individual may steal customer information or attempt to embarrass the website owner with said information. Regardless of the intent, the content spoof is used as a defacement, but on a site parallel to, but not directly on, the website, says Grossman.
The Open Web Application Security Project, stated that the content spoofing and its general attacks is often made possible due to injection of web application vulnerability. WhiteHat stated that this is often due to users not utilizing the supplementation of data to such applications.
Such attacks stemming from spoofing can supply information to a web application that is then returned to a user. That user is then shown a modified page that tricks them in to believing it is the trusted domain. Cross-site scripting attacks are a similar intent that also uses the technique
for more directly malicious purposes.
According to the WhiteHat Website Security Statistics Report, the top 15 most prevalent vulnerabilities is cross-site scripting, leaks in content, the spoofing of content, request forgery, brute force attacks, lack of proper transport layer protection, lack of sufficient authorization, redirector abuse of the URL, SQL injection attacks, sessions being compromised, HTTPR Splitting, fingerprinting indexing of the directory, functionality abuse, and predictable resource location.
About PowerHoster.com
Powerhoster (http://www.powerhoster.com) provides high-quality and secure website hosting for your business or project. Find out how Power Hoster services can assist you in domain register today.
Customer Service
4156676545
news@postpressrelease.com
Source: EmailWire.ComImage may be NSFW.
Clik here to view.
