A white paper released today by malware monitoring company Dasient identifies third party elements beyond the control of company webmasters as the biggest security holes in most enterprise web sites. Specifically, Dasient identifies third party JavaScript widgets, advertising and web applications as the biggest liabilities.
Malware certainly isn’t new to the web, but according to data compiled by Microsoft and Websense and cited by Dasient, daily malware infection have been growing rapidly over the past few years.
Third-party Widgets
By widgets, Dasient is referring to traffic analytics, embedded video, polls, and other JavaScript based apps that connect to third party web sites. The more of these widgets a website employs, the more opportunity there is for malware to find its way onto a site. Even legitimate service providers can be compromised. According to Dasient, 75% of websites use external JavaScript widgets.
Third-party Advertising
The highest profile case of “malvertising” was last year’s New York Times ad hijack. Hackers posed as a legitimate national advertiser placed an innocuous ad for a week, then switched it out for a malware propagating fake antivirus ad. Dasient says 42% of websites display external advertisements.
Third-party applications
Help desk, forums, CRM, CMS and other externally facing web applications can all be exploited, especially if they’re not properly patched. The report sites a whopping 91% of websites have some outdated web applications.
About Dasient
Dasient, founded by former Google engineers Neil Daswani and Shariq Rizvi and former McKinsey strategy consultant Ameet Ranadive, offers malware risk assessment, monitoring and removal services. In addition to various paid services, the company offers a free monitoring tool to notify web masters if their site has been blacklisted. We previously covered Dasient here.
