Released on = September 19, 2006, 5:13 am

Press Release Author = Tamara Borg / Acunetix

Industry = Software

Press Release Summary = Acunetix calls for regular website auditing to guard against
attackers' new preferred flaw

Press Release Body = London, UK - 19 September, 2006 - In recent years, buffer
overflows topped the list as the most popular vulnerability used by hackers to
compromise websites. However, the latest report from Mitre Corp., a US government
funded research organization, clearly indicates that hackers are moving away from
acts of vandalism to the more lucrative exploits of data theft. In fact, Cross-Site
scripting and SQL Injection are now the most preferred hacking techniques used by
hackers since these vulnerabilities allow access to such data as credit card
details.

The Common Vulnerabilities and Exposures (CVE) project by Mitre, reported that out
of the 4375 security issues catalogued in the first nine months of 2006, web-related
flaws have captured the top three spots: 21.5 percent of the CVEs were cross-site
scripting (XSS) vulnerabilities; 14 percent SQL Injection and 9.5 percent php
"includes". Buffer overflows came fourth, at 7.9 percent.

The increasing popularity of XSS bugs indicates that attackers are concentrating
more on programming languages typically used for Web applications, such as Java,
.Net and PHP. Buffer overflows, on the other hand, affect executable files written
in languages such a C.

Assessing the security of a website

This increase in Web-based flaws stems directly from the simplicity of exploiting
such vulnerabilities as XSS, and the enormous number of web applications freely
available. In general, websites with such web applications as shopping carts, forms,
login pages and dynamic content are always a prime target for attack. This is
because, web applications require open and direct access to backend databases to
function properly. If improperly coded, these common applications become easy
gateways to social security numbers, credit card details and even medical records.

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically
checking for SQL injection, Cross site scripting and other vulnerabilities.
Furthermore, Acunetix protects against the embedding of Javascript malware in a
web-page through its JavaScript Analyzer. Such protection secures all AJAX
applications. Acunetix WVS also checks password strength on authentication pages and
automatically audits shopping carts, forms, dynamic content and other web
applications. As the scan is being completed, the software produces detailed reports
that pinpoint where vulnerabilities exist.

Acunetix provides free audit to help companies determine the security of their websites

Enterprises who would like to have their website security checked can register for a
free audit by visiting www.acunetix.com/security-audit. Participating enterprises
will receive a summary audit report showing whether their website is secure or not.
Summary reports will be delivered within five business days of submission.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta), a US office in
Seattle, Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.

For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712, Fax: (+44) 0845 6126716
URL: http://www.acunetix.com.

Web Site = http://www.acunetix.com/news/cross-site-scripting.htm

Contact Details = For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712, Fax: (+44) 0845 6126716
URL: http://www.acunetix.com.