91% Of Websites Are Hackable

Well..according to Acunetix (a provider of enterprise grade security scanning products). At first glance it seems an alarming figure and I would forgive you if you thought that perhaps they might be exaggerating those figures a little. I don’t believe that’s the case … let me explain why.

Let’s use houses as an analogous example. Of all the houses in your town or city, how many do you think are totally impenetrable? I bet that with the right tools you or I could break into just about any house. It’s really only the ones with the razor wire, electric fence, dogs, bees, and dogs with bees in their mouth that might prove to be too great a challenge. Networked computers are much the same as houses. They have entry points (just as the house has entry points such as windows, doors and sky-lights’) and whether someone is able to break in depends on how strong those entry points are. So, when you stop and think about it, 90% isn’t such an alarming figure.

What’s more worrying is that Acunetix also says that ‘ Out of 3,200 sites scanned, 70% had vulnerabilities with either a medium or high-risk rating’. If we use our house analogy, it’s like saying that ‘70% of the houses we tried to get into had the front door unlocked or open’. It’s a scary percentage but I suspect that it’s not going to surprise many in the Internet/IT industry. SQL injection and cross site scripting (XSS) are still rampant and unless someone can develop a product that can block all  XSS and SQL injection attempts at the firewall (which is not really practical) then that’s not going to change any time soon.

In the meantime, those of us who care will continue to try and find new and better ways of keeping the bad guys out 🙂