I Scanned 100 Websites for Security Vulnerabilities (The Results Are Alarming)

1 / 2

I Scanned 100 Websites for Security Vulnerabilities (The Results Are Alarming)

DEV Community·DiMeng·24 days ago

#vS1Hbgg8

#websecurity #cybersecurity #devsecops #security #scanner #missing

Reading 0:00

15s threshold

I Scanned 100 Websites for Security Vulnerabilities Over the past month, I ran WebSec Scanner Pro against 100 random websites to see just how bad the security situation really is. The results? Worse than I expected. The Numbers Vulnerability Type Found In Severity Missing Security Headers 78% Medium Outdated Server Software 52% High CORS Misconfiguration 34% Medium Exposed .git/config 12% Critical Open Admin Panels 8% Critical SQL Injection (Basic) 6% Critical Top 5 Most Common Issues 1. Missing Security Headers (78%) The vast majority of sites don't set basic security headers: X-Frame-Options: MISSING (clickjacking risk) Content-Security-Policy: MISSING (XSS risk) Strict-Transport-Security: MISSING (MITM risk) Enter fullscreen mode Exit fullscreen mode 2. Outdated Software (52%) Over half the scanned sites run server software with known CVEs. Some were 3+ major versions behind. 3.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

I Scanned 100 Websites for Security Vulnerabilities (The Results Are Alarming)