I called Jeremiah Grossman immediately after seeing the results of the WhiteHat Security report. 81% of web sites analyzed have serious vulnerabilities. That had to be a misprint.
Not according to Jeremiah, CTO of WhiteHat Security. In fact, he insisted several times that many security experts consider that number low. Not only that, the estimated time to fix those security holes is 107 days, over three months.
In our interview, we cover more about Jeremiah’s research and what he is doing to help people recognize the risk. You can download the full report from the WhiteHat Security site, but first, take a listen to the interview; you might want to be sitting down.
Listen to the Interview: Jeremiah Grossman Interview: 81% of Web Sites Analyzed have Serious Vulnerabilities
Highlights from our talk:
– 02:16 86% of websites had a serious vulnerability
– 03:06 How long it takes to fix a vulnerability
– 04:12 Top 3 web vulnerabilities
1) Information leakage
2) Cross site scripting
3) Content spoofing
– 06:05 Examples of cross site scripting
– 07:10 How broad and prevalent are the vulnerabilities
– 07:50 Remediation techniques
– 10:05 Future trends in vulnerabilities
– 11:50 Why do you do what you do
– 12:30 How was the survey done
Bio: Jeremiah Grossman
Jeremiah Grossman founded WhiteHat Security in August 2001.
A world-renowned expert in Web security, Mr. Grossman is a founder of the Web Application Security Consortium (WASC), and was named to InfoWorld’s Top 25 CTOs for 2007.
Mr. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA Conference, ISACA, CSI, InfoSec World, OWASP, ISSA, and Defcon as well as a number of large universities. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques and is a co-author of XSS Attacks: Cross Site Scripting Exploits and Defense.
Mr. Grossman is frequently quoted in major media outlets such as USA Today, the Washington Post, The Financial Times, InformationWeek, InfoWorld, PC World, Dark Reading, SC Magazine, CNET, CSO and NBC News. He frequently alerts the media community to the latest attacks and is not only able to offer in-depth commentary, but also to provide his perspective on what’s to come.
Mr. Grossman was named a “friend of Google” and is also an influential blogger (www.jeremiahgrossman.blogspot.com) who offers insight and encourages open dialogue regarding current research and vulnerability trend information.
Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company’s hundreds of websites. Before Yahoo!, Mr. Grossman worked for Amgen, Inc.