NEW! Acunetix 2020 Web Vulnerability Report: Insights for Web and Application Developers


Every year, Acunetix publishes an in-depth report of the most common web security vulnerabilities and network perimeter vulnerabilities. Download the Report HERE 

Their annual Web Application Vulnerability Report is based on real data taken from Acunetix Online. Analysts at Acunetix take a random selection of websites and web applications protected using their in-house software, anonymise them, and perform statistical analysis. Although this data is global, it still provides insights into key trends and industry analysis of issues affecting ANZ web developers and application developers.

This annual report is a must-read document for Web Developers, Application Developers, IT Administrators, DevOps, and even C-level Security Officers. Essentially, any organisation based in Australia and New Zealand that is implementing a robust and active cybersecurity strategy will benefit from downloading this report.

Website Vulnerability Graph 2016-2019

Acunetix Web Vulnerability Data

Acunetix’s findings from 2020 indicate there has been a 30% reduction in the number of vulnerabilities. However, while the numbers were lower, most newer applications and targets still demonstrated high counts of vulnerabilities. While the overall security of web applications and websites seems to be improving, there are still significant security flaws that need to be addressed. The report reveals that 25% of web applications and websites from 2020 have Cross-site Scripting (XSS) vulnerabilities, vulnerable JavaScript libraries, and WordPress-related issues. The 2020 Web Vulnerability Report finds that newer developers do not have the knowledge required to avoid vulnerabilities. Additionally, developers who work within a development structure that does not promote web security continue to pursue development strategies that are not secure.

The Acunetix 2020 Web Vulnerability Report does a deep dive into Remote Code Execution, SQL Injection (SQLi), Weak Passwords and Missing Brute-Force Protection, Server-side Request Forgery, Perimeter Network Vulnerabilities, DoS-related Vulnerabilities, TLS/SSL Vulnerabilities, WordPress (and Other CMS) Vulnerabilities, Web Server Vulnerabilities and Misconfigurations, and other specific vulnerabilities.


Source: https://www.acunetix.com/acunetix-web-application-vulnerability-report/

 

 

 

Pacnet reveals cyber breach after Telstra acquisition


In April this year Telstra finished its acquisition of Pacnet, giving it access to Asia’s largest privately owned submarine cable network as part of its strategy to expand into Asia.

According to news reports it appears that Telstra received a surprise signing bonus when the purchase was completed – notification that the Pacnet corporate IT network had been breached.

The itnews article claims that this wasn’t discovered during due diligence, as Telstra and Pacnet were competitors at the time and Telstra had only limited access to information.

Access to the Pacnet internal network was gained through a SQL injection attack. SQL injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application-layer attack techniques used today. It takes advantage of improper coding in web applications that allows a hacker to inject SQL commands into, say, a login form and so gain access to the data held within the database.

Attacks of this nature fall under strategy #24, Server Application Hardening (‘e.g. databases, web applications, customer relationship management, finance, human resources and other data storage systems’), in the Australian Signals Directorate (ASD) Top 35 Mitigation Strategies.

Telstra is now left with the task of advising Pacnet customers about the breach.

Although there is no mandatory breach reporting in Australia, there is strong support for it. In October 2013, the Office of the Australian Information Commissioner (OAIC) released survey findings on community attitudes towards privacy, which showed that 96 percent of respondents want government agencies and businesses to notify them if their personal information is lost or compromised.

Earlier this year the parliamentary joint committee on intelligence and security (PJCIS) recommended that the Government introduce a mandatory data breach notification scheme before the end of 2015. Australia’s privacy commissioner, Timothy Pilgrim, has highlighted telcos’ bad track record in Australia, citing Telstra’s 2011 leak of 734,000 customer details and a further leak of the details of 15,775 customers in 2013.

emt Distribution represents Acunetix in Australia and New Zealand. Acunetix was founded to combat the alarming rise in web attacks including SQL Injection and Cross-Site Scripting among others.