An international team of researchers has created a scanning tool to reduce the vulnerability of websites to hacking and cyberattacks.
The black box security assessment prototype, which was tested by engineers in Australia, Pakistan, and the UAE, outperforms existing web scanners, which collectively fail to detect the top ten weaknesses in web applications.
Dr Yousef Amer, a mechanical and systems engineer at UniSA, is one of the co-authors of a new international paper that describes the tool's development in the wake of increasing global cyberattacks.
Cybercrime cost the globe $6 trillion in 2021, representing a 300 percent increase in online criminal activity over the previous two years.
Remote working, cloud-based platforms, malware, and phishing scams have resulted in massive data breaches, while the implementation of 5G and Internet of Things (IoT) devices has made us more connected – and vulnerable – than ever. Dr Yousef Amer and colleagues from Pakistan, the United Arab Emirates, and Western Sydney University highlight numerous security flaws in website applications that are costing organisations dearly.
Because of the pervasive use of eCommerce, iBanking, and eGovernment sites, web applications have become a prime target for cybercriminals looking to steal personal and corporate information and disrupt business operations. Despite an anticipated $170 billion global outlay on internet security in 2022 against a backdrop of escalating and more severe cyberattacks, existing web scanners, according to Dr Amer, fall far short of evaluating vulnerabilities.
“We have identified that most of the publicly available scanners have weaknesses and are not doing the job they should,” he says.
Almost 72% of businesses have experienced at least one serious security breach on their website, with vulnerabilities tripling since 2017. According to WhiteHat Security, a world leader in web application security, 86% of scanned web pages have on average 56% vulnerabilities. At least one of these is classified as critical. The researchers tested 11 publicly available web application scanners against the top ten vulnerabilities.
“We found that no single scanner is capable of countering all these vulnerabilities, but our prototype tool caters for all these challenges. It’s basically a one-stop guide to ensure 100 per cent website security. There’s a dire need to audit websites and ensure they are secure if we are to curb these breaches and save companies and governments millions of dollars,” Dr Amer stated.