Released on = February 14, 2007, 6:03 am

Press Release Author = Tamara Borg

Industry = Software

Press Release Summary = Acunetix reveals latest statistics based on one year of
conducting web application scans

Press Release Body = Kirkland, Washington - February 13, 2007 - Businesses and
non-commercial entities have much to consider when it comes to securing their web
applications and the data they keep on customers and patrons. Acunetix, a leading
vendor of web application security solutions, today revealed that on average 70% of
websites are at serious and immediate risk of being hacked.

Since January 2006, Acunetix has been offering a free automated web scan for
qualifying websites. Out of a total of 10,000 applications, Acunetix has scanned
3,200 sites belonging to either businesses or non-commercial entities.

Alarming results

70% of the websites scanned were found to contain high or medium vulnerabilities.
There is an extremely high probability of these vulnerabilities being discovered and
manipulated by hackers to steal the sensitive data these organizations store.



On average 91% of these websites, contained some form of website vulnerability,
ranging from the more serious such as SQL Injection and Cross Site Scripting to more
minor ones such as local path disclosure or directory listing.



Approximately 66 vulnerabilities per website were found for a total of 210,000
vulnerabilities over the scanned population.

50% of the websites with instances of high vulnerabilities were susceptible to SQL
Injection while 42% of these websites were prone to Cross Site Scripting. Other
serious vulnerabilities include Blind SQL Injection, Cross Site Scripting, CRLF
Injection and HTTP response splitting, as well as script source code disclosure.

"The results show clearly that the problem of unsafe web applications is being
ignored completely," stated Kevin J Vella, VP Sales and Operations of Acunetix.
"These statistics should compel organizations to take a serious look at their
security infrastructure - the recent hacks into TJX, UCLA and the Dolphin Stadium
are proof enough that the problem is very real and looks like it is here to stay.
Companies, governments, and universities are bound by law to protect our data. Yet
web application security is, at best, overlooked as a fad. Without sounding
apocalyptic, I believe the 70% figure should send tremors not just ripples in the
market."

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically
checking for SQL injection, Cross site scripting and other vulnerabilities. It
checks password strength on authentication pages and automatically audits shopping
carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where
vulnerabilities exist.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta), a US office in
Seattle, Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.



Web Site = http://www.acunetix.com

Contact Details =
For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: 888-231-6801, Fax: (+1) 425-650-6873
URL: http://www.acunetix.com.