Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Cross-Site Scripting ranks first in top security risks

  • 19 September, 2006 22:46

<p>Acunetix calls for regular website auditing to guard against attackers’ new preferred flaw</p>
<p>London, UK – 19 September, 2006 – In recent years, buffer overflows topped the list as the most popular vulnerability used by hackers to compromise websites. However, the latest report from Mitre Corp., a US government funded research organization, clearly indicates that hackers are moving away from acts of vandalism to the more lucrative exploits of data theft. In fact, Cross-Site scripting and SQL Injection are now the most preferred hacking techniques used by hackers since these vulnerabilities allow access to such data as credit card details.</p>
<p>The Common Vulnerabilities and Exposures (CVE) project by Mitre, reported that out of the 4375 security issues catalogued in the first nine months of 2006, web-related flaws have captured the top three spots: 21.5 percent of the CVEs were cross-site scripting (XSS) vulnerabilities; 14 percent SQL Injection and 9.5 percent php “includes”. Buffer overflows came fourth, at 7.9 percent.</p>
<p>The increasing popularity of XSS bugs indicates that attackers are concentrating more on programming languages typically used for Web applications, such as Java, .Net and PHP. Buffer overflows, on the other hand, affect executable files written in languages such a C.</p>
<p>Assessing the security of a website</p>
<p>This increase in Web-based flaws stems directly from the simplicity of exploiting such vulnerabilities as XSS, and the enormous number of web applications freely available. In general, websites with such web applications as shopping carts, forms, login pages and dynamic content are always a prime target for attack. This is because, web applications require open and direct access to backend databases to function properly. If improperly coded, these common applications become easy gateways to social security numbers, credit card details and even medical records.</p>
<p>About Acunetix Web Vulnerability Scanner</p>
<p>Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer. Such protection secures all AJAX applications. Acunetix WVS also checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.</p>
<p>Acunetix provides free audit to help companies determine the security of their websites</p>
<p>Enterprises who would like to have their website security checked can register for a free audit by visiting Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.</p>
<p>About Acunetix</p>
<p>Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit:;</p>
<p>All product and company names herein may be trademarks of their respective owners.</p>
<p>For more information:
Please email Tamara Borg:
Acunetix Ltd: Tel: (+44) 0845 6126712, Fax: (+44) 0845 6126716

Most Popular

Brand Post

Most Popular Reviews

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?