Web Security Review: first half 2014

Web security review in the first half of 2014

Graphic below in French translated into English:

More and more connected objects: more than 12 billion of them, which also means more web services, or 1 billion searchable web applications.

This logically creates more security flaws

Some attacks in 2014

Orange:

1.3 million people’s personal data stolen

Ebay:

Data leakage from the 145 million users of the platform and other non-financial data

Domino’s pizza:

Financial blackmail by hackers, under threat of disclosing the data of 650,000 customers

The security criteria of a website

Confidentiality, integrity and availability are the three main security criteria of a site.

72% of websites are vulnerable*

  • 20% have critical vulnerabilities
  • 40% have a backdoor
  • 72% of sites are vulnerable
  • 15% are victims of data expropriation
  • 81% of mobile sites are vulnerable

Antivirus isn’t much use anymore**

The “hack” in detail

  • Attackers: white hat and black hat
  • Targets: individuals, governments and businesses
  • Objectives: money, spying, identity theft and miscellaneous information
  • Vulnerabilities: people, software, hardware
  • Consequences: loss of data, bad reputation, loss of activity
  • Impacts: confidentiality, availability and integrity

Some key figures

  • One basket out of two is abandoned, 30% due to security problems
  • 83% of passwords are never changed
  • 33% of passwords are easy to find
  • 39% of users use the same password everywhere
  • 52% of sites do not encrypt client passwords
  • One in five Internet users has already been a victim of theft of personal information

The global cost of cybercrime is €327 billion, including €3.76 billion for identity theft.

Security approach

How to approach securing a website:

  • Learn about common vulnerabilities, what they cause and how to deal with them
  • Detect vulnerabilities on your site
  • Fix the lines of code at fault
  • And finally, a step that is often forgotten: keeping the program up to date by conducting a technology watch.

To know more about HTTPCS

*study conducted on a basis of 3,808,042 websites

**Statement by Brian Dye, Senior Vice President Symantec


© 2026 Blog Ziwit. All Rights Reserved.