Most Web sites have at least one significant vulnerability, according to a study by WhiteHat Security, which examined its own enterprise customers. The study found that 63 percent of Web sites have at least one high, critical, or urgent vulnerability issue, and that the average Web site has seven unfixed vulnerabilities.
The most common vulnerability is cross-site scripting, affecting 65 percent of sites. Information leakage followed, affecting 47 percent. Thirty percent of sites had spoofing bugs, and 18 percent had insufficient authorization. Social networking companies had the most flaws, with 82 percent of sites infected. They were followed by IT firms, with 75 percent; financial companies, with 65 percent; insurance firms, with 64 percent; and retail companies, with 61 percent. Healthcare had the fewest flaws with 47 percent of sites infected.