70% Sites hackable
Acunetix says so. Since the beginning of 2006 they have scanned over 10 000 programs and 3200 sites for vulnerabilities. They say that 70% of the sites can be manipulated and that sensitive information can be stolen by hackers.
Well, I hope it’s a hacker who discovers the bug in your site, because they will gently report it to you; if you’re lucky they’ll even give you a fix. The crackers, however, would be dangerous. I do believe many sites can be hacked; 70%, however, is a little exaggerated. Maybe if they had checked only small sites they would have reached this figure, although Acunetix says that they’ve checked lots of business sites and other big sites.
Besides this, it’s also nice to know what kind of hack is possible. We know that 50% of the hacks can be made by SQL injection, and 42% by cross-site scripting. But can you hack a simple webmaster forum, so you have 2000 user names and passwords? Well, they may have them; just reset the forum and register again. If they can hack sites of banks, that’s another thing.
I’m not the only one who thinks 70% is exaggerated. Joel Snyder, a security expert, says this is just sensation-loving nonsense. He is sure they can’t realize what they say, and this is how he put it:
Let’s get their list of 3,200 sites, pick 10 at random, and see if they can ‘steal sensitive data’ from those sites. They say they’ll be able to hack into seven of them. I’ll bet $1,000 they can’t steal personal data from three of them.
Pretty nice challenge, and Acunetix has accepted it. They actually had to; who wouldn’t accept it with that much money? But also because their statement would be very unbelievable if they hadn’t accepted it. Acunetix hasn’t done anything yet. Does it just take a while, or are we right when we say they overestimated it? I’ll let you know.
February 17, 2007