mikado penetration study identified vulnerabilities of the highest risk level in almost every second case

In recent years, many hacker attacks on the websites of banks, companies and public institutions have again become known. But less prominent sites also have many significant security gaps, as the security consulting company mikado ag determined in its own investigation. Websites were analyzed for potential vulnerabilities via automated penetration testing, and vulnerabilities of the highest risk level were found in almost every second case. "Our analyses showed that some of the particularly hazardous vulnerabilities to attacks are very common," mikado board member Wolfgang Durr summarizes the results.

From this, the consulting firm has derived and published a fifteen-page guide entitled "Analysis and explanations of the types of attacks on Web sites". It not only presents the results of the penetration study by hazard category, with a representation of how widespread the vulnerabilities were on the tested sites, but also offers a description of the main types of attacks. They are supplemented with numerous examples. It includes, for example, that the Federal Employment Agency was harmed by the "improper parameter redirection" attack type, in which visitors can be steered via a prepared forwarding link to a foreign website in order to conduct phishing attacks.
The attack type "blind SQL injection", in turn, was used for an attack on Sony's Internet presence, in which one million customer records were captured. "Vulnerabilities on Web pages are underestimated in many cases, because many types of attacks are not sufficiently known in their mode of action," says Durr, justifying the publication of the mikado guide. Therefore, as practical help and starting from the results of the penetration study, some of the common types of attacks are explained in more detail and provided with links to more information. Interested parties can download the fifteen-page guide "Analysis and explanations of the types of attacks on Web sites" free of charge under downloads/guide penetration study / download.