An international team of researchers has developed a scanning tool to make websites less vulnerable to hacking and cyberattacks. The black box security assessment prototype, tested by engineers in Australia, Pakistan and the United Arab Emirates, is more effective than existing web scanners which collectively fail to detect the top 10 weaknesses in web apps.
What does the it mean for the cybersecurity industry?
University of South Australia (UniSA) mechanical and systems engineer Dr Yousef Amer is one of the co-authors of a new international paper that describes the development of the tool in the wake of escalating global cyberattacks. Cybercrime cost the world $6 trillion in 2021, reflecting a 300% hike in online criminal activity in the past two years.
Remote working, cloud-based platforms, malware and phishing scams have led to skyrocketing data breaches, while the rollout of 5G and Internet of Things (IoT) devices has made us more connected – and vulnerable – than ever. Dr Yousef Amer and colleagues from Pakistan, the United Arab Emirates and Western Sydney University, highlight numerous security weaknesses in website applications and how these are costing organisations dearly.
WhiteHat Security, a web application security firm, estimates that 86% of scanned web pages have on average 56% vulnerabilities. At least one is classified as critical. They compared 11 publicly available web application scanners against the top 10 vulnerabilities.
How effective is the scanning tool?
Due to the widespread adoption of eCommerce, iBanking and eGovernment sites, web apps have become a target of cybercriminals who want to steal individual and company data and disrupt business activities. Despite a projected $170bn global outlay on internet security in 2022 against a backdrop of escalating and more severe cyberattacks, existing web scanners are falling way short when it comes to assessing vulnerabilities, according to Dr Amer.
“We have identified that most of the publicly available scanners have weaknesses and are not doing the job they should,” he says. Nearly 72% of organisations globally have suffered at least one serious security breach on their website, with vulnerabilities tripling since 2017.
“We found that no single scanner is capable of countering all these vulnerabilities, but our prototype tool caters for all these. It’s basically a one-stop guide to ensure 100% website security. There’s a dire need to audit websites and ensure they are secure if we are to curb these breaches and save companies and governments millions of dollars,” Dr Amer says.
The researchers are now seeking to commercialise their prototype.