subject: 70% Of The Group Purchase Sites Have High-risk Safety Vulnerabilities [print this page] According to the testing of the security testing platform, 70.6% of buy websites have high-risk vulnerabilities, making the buy websites or the users may face security threats. In addition, 54.7% and 66.4% of the buy sites have serious flaws or warning vulnerabilities. At the same time, the report stressed that the security of the large buy sites are much stronger than the industry average level. The proportion of the sites that have high-risk vulnerabilities is 25.0%. The proportion of sites that have serious vulnerabilities sites is12.5%.
Recently, Qihoo released the country's first safety inspection report of the buy sites. 70.6% of the current buy sites have high-risk vulnerabilities and can be easily attacked by hackers. The security situation of the well-known large-scale buy sites is relatively good. The buy sites that have no obvious flaws are just 5.5% of the all.
The buy sites rise in the country in just more than a year. Today, as one of the hottest Internet applications, while the buy web sites are developing at high speed, they also revealed a number of site security issues. Dangdang, Amazon, Jingdong Mall and other well-known e-commerce sites have appeared over the previous abnormal mobility of the price and the loss of orders and other conditions.
During the National Day, a consumer ordered a cell phone battery at Amazon Web site, but the orders are lost after the payment. It was bizarre. The order does not display properly in the system. The analysts said it may be because of the system failure of the web site.
The reasons for these existing vulnerabilities have certain relationship with the low technology the uneven ability to maintain site security. In the high-risk vulnerabilities having been found, cross-site scripting vulnerabilities, buy bugs and SQL injection vulnerabilities are three types of vulnerabilities that appear frequently. The rates of the buy site that have the above vulnerabilities were 61.3%, 41.5% and 19.4%. A large number of sites have many different types of high-risk vulnerabilities at the same time.
In the vulnerabilities of the buy sites, SQL injection vulnerability is one of the most influential vulnerabilities. With this flaw, an attacker could read the website database, get access to the registered user account and password. Even the online payment account of the users may be stolen by the hackers.
In addition, these vulnerabilities may cause a variety of trading or activities of the buy sites secretly manipulated by others. All the information and data of the buy site may be destroyed at any time.
