New Scanning Tool Protects Websites From Attack

Uploaded on 2022-07-13 in TECHNOLOGY--Developments, FREE TO VIEW

The worldwide cost of cyber crime in 2021 has been estimated at cost the world $6 trillion, reflecting a 300% rise in online criminal activity over the two previous years. Remote working, cloud-based platforms, malware and phishing scams have led to a greatly increased risk of data breaches.

Now, an international team of researchers led by Dr. Yousef Amer of the University of South Australia (UNISA) has developed a scanning tool to make websites less vulnerable to hacking.  The 'black box' security assessment prototype, tested by engineers around the world, is more effective than existing web scanners, which collectively fail to detect the top 10 weaknesses in web applications. 

During their research, Dr. Amer and colleagues from Pakistan, the UAE and Australia found numerous security weaknesses in website applications and how these are costing organisations dearly. The team identified that most of the publicly available scanners have weaknesses and are not doing the job they should. 

Over 70% of organisations have suffered at least one serious security breach on their website, with vulnerabilities tripling since 2017. The researchers estimate that as many as 86% of scanned web pages have on average 56% vulnerabilities. Among these, at least one is classified as critical.  

They found that no single scanner is capable of countering all these vulnerabilities, but their prototype tool caters to all these challenges and is a one-stop guide to ensure 100 % website security. 

There is an urgent need to audit websites and ensure they are secure if these breaches are to be curbed and companies and governments can save millions of dollars. The researchers are now seeking to commercialise their prototype.

NCSC:     Eurekalert:     Newswise:      OpenGovAsia:        I-HLS:     National Cyber Security News

You Might Also Read: 

‘We Hacked Your Website’ Blackmail Scam:

 

« Creating A Culture Of Cyber Security Throughout An Organisation
Exposed: Sensitive Data Of 146,000 Aon Customers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

cPacket Networks

cPacket Networks

cPacket’s distributed intelligence enables network operators to proactively identify imminent issues before they negatively impact end-users.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

Phosphorus Cybersecurity

Phosphorus Cybersecurity

Phosphorus has fully automated remediation of the two biggest IoT vulnerabilities, out of date firmware and default credentials.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

SecureDrives

SecureDrives

Passwordless Authentication & Encrypted Data Storage Solutions from SecureDrives. We are enabling organisations to work safely and securely, using technology driven solutions.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.