According to the Web Application Security Forum, 83 per cent of all websites have at least one serious vulnerability, whilst tech research firm Gartner states that successful exploitation can lead to "the total compromise of the entire local network of an organisation".
To help combat possible exploitation, Swiss security company High-Tech Bridge has launched ImmuniWeb Self-Fuzzer, a new free Firefox extension that allows users to detect in real time cross-site scripting and SQL-injection vulnerabilities in their web applications.
Rather than working as a web application security scanner or crawler, ImmuniWeb Self-Fuzzer works as a real-time web fuzzer, fuzzing being an automated technique used to discover security loopholes.
Once a user activates it in their browser, the extension follows every HTTP request and fuzzes it instantly, checking each HTTP parameter passed within the request.
Results are also displayed in real time, so the user is notified immediately when a vulnerability is detected.
Cross-site scripting and SQL-injection exploits take advantage of the most common coding errors in web applications. In both cases, user input is accepted via web forms and passed into the system for processing.
Good programming requires that the input is filtered before acceptance so that any unexpected or unacceptable characters are removed or not allowed.
Often, however, the filtering process is omitted or inadequate. As a result, hackers are able to use the forms, with carefully crafted input, to feed their own commands to the internal database. Typically, they can trick the system into providing an administrator password.
ImmuniWeb Self-Fuzzer is designed to identify and report these flaws, so protecting users from potential hacks, High-Tech Bridge explains.
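The coding error described above, shown side by side with its fix, as an added illustration that is not part of the article or of High-Tech Bridge's product: a lookup that pastes form input straight into a SQL statement next to one that binds it as a parameter, plus the output encoding that closes the cross-site scripting side. The in-memory user table and the sample input are constructed for the example.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, name):
    # The filtering step is omitted: the form value is concatenated into the
    # statement, so characters in it can change the query's structure.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # A bound parameter is always treated as data, whatever characters it holds,
    # so the same input simply matches no user.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def render_safe(name):
    # Output encoding for the cross-site scripting case: markup characters in
    # the form value become entities before the page is built.
    return "<p>Hello, " + html.escape(name) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    tainted = "x' OR '1'='1"          # constructed sample form input
    print(lookup_vulnerable(conn, tainted))   # every row, not just one user
    print(lookup_safe(conn, tainted))         # []
    print(render_safe("<script>"))            # <p>Hello, &lt;script&gt;</p>
```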