«
»

Most common high risk vulnerabilities

SQL injection, cross-site scripting, and cross-request forgery attacks are rated the most common high risk vulnerabilities. Not only that, NTA found that 27% of all applications contained at least one high risk issue — most dramatic change seen within charity and not-for-profit clients. See proposed suggestions, though I don’t agree that they provide protection for all of the noted attacks -

• Make sure all user-supplied data is properly sanitised before returning it to the browser or storing it in a database.
• Organisations should switch from a persistent authentication method to a transient authentication method to help prevent cross-request forgery attacks.
• An account lockout mechanism should be in place, to lock out accounts permanently or temporarily, to help prevent attackers from being able to brute force user accounts.

This entry was posted on September 8, 2009 at 3:36 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Most common high risk vulnerabilities”

  1. database development Says:
    March 20, 2012 at 1:25 pm | Reply

    database development…

    [...]Most common high risk vulnerabilities « Information Risk[...]…

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 994 other followers