Half of all online retailers' Web sites are vulnerable to database attacks, according to The Ecommerce Application Security Trends report from ScanAlert. The report examined 27,000 online merchants of all sizes.
Forty-five percent of sites had a serious database vulnerability such as SQL Injection, and fifty percent had Cross Site Scripting vulnerabilities. SQL Injection is a type of software vulnerability that allows hackers to penetrate databases to steal private information used for fraud and identity theft.
When it comes to which online retailers are most vulnerable to attacks, they all have flaws that can be exploited by hackers. "When you apply the results of our research to the millions of websites that sell products and services online, it gets very scary very quickly," said ScanAlert's VP of Security Services Brett Oliphant. "Surprisingly, we've found that these holes are just as likely to exist on sites run by big name retailers as on small 'Mom and Pop Shop' sites."
Sites running on Microsoft were found to be twice as vulnerable and remain a favorite target for hackers. The report noted that sites using Microsoft's IIS Web server software were twice as likely to have database vulnerabilities as those using Apache open-source Web server software.
Cross Site Scripting vulnerabilities were found to be an increasing security threat that allows hackers to conduct phishing attacks, and they are even more widespread than database vulnerabilities.
"Hackers can combine Cross Site Scripting holes with email and phishing links to trick unsuspecting people into visiting hacker-owned sites where they will unknowingly provide personal info like credit cards," Oliphant added. "Although we have yet to see Cross Site Scripting vulnerabilities exploited to the same degree as database holes, they do carry risks which will only increase as hackers become more devious at getting consumers to click on links."
About the author:
Mike is a staff writer for WebProNews.