Wednesday, March 4, 2015

Wordpress most hacked web Content Management System (CMS)


Summary  from http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf

Threat Growth

Malicious traffic exposure has increased significantly year-over-year. The following substantial increments were observed:

Wordpress #1 on hackers list; 

  1. Wordpress is the most attacked Content Management System (CMS)
  2. Websites running Wordpress were attacked 24.1% more than websites running on all other CMS platforms combined.
  3. Wordpress suffers 60% more Cross Site Scripting (XSS) incidents than all other CMS-running websites combined.


Targets

  1. Retail applications suffer the most from web application attacks; financial institutions second.
  2.  48.1% of all attack campaigns targeted retail web sites, while 10% targeted financial institutions.
  3.  40% of all SQL injection attack campaigns targeted retail web sites.
  4.  64% of all malicious HTTP traffic (protocol violations and malformed requests) was targeted at retail websites.


Extra

  1.  PHP applications suffer three times as many Cross Site Scripting Attacks as .NET applications.
  2.  Websites containing some form of consumer information suffer up to 59% of the attacks
  3.  An increase of 10% in SQL Injection (SQLi) attacks
  4.  An increase of 24% in Remote File Inclusion (RFI) attacks
  5.  Attacks are 44% longer in comparison to the prior period reviewed (i.e., from June 1, 2012 to November 30, 2012].
Posted by metadataconsulting (profile) at 1:07 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)