Most websites have serious security flaws

A survey of 5,500 companies has shown that nearly half of the web applications scanned contained a “high security” vulnerability such as XSS or SQL injection.

But worse, nearly four out of five are affected by a medium security vulnerability, according to a report from security vendor Acunetix.

Many of the scans Acunetix performed found that big bugs prevalent last year, including POODLE, haven’t even been patched.

Nick Galea, the CEO of the company, said part of the problem is that companies are racing to create user-friendly interfaces and customer-facing apps, and in so doing are leaving data open to attack by cyber crooks.

He said: “These are worrying stats… it’s just like leaving your wallet or unlocked phone lying around in a public place. It’s more a question of how long it takes, rather than if at all, before you are compromised.”

With network vulnerabilities, the picture is better but still worrying, because the company found 10 percent of the servers it scanned were vulnerable to high security risks.

Acunetix describes high security as meaning an attacker can get easy access to target applications, and to backend systems and databases.