The 20 Most Critical Internet Security Vulnerabilities

Filed under: — By Aviran Mordo @ 12:43 pm

Global security experts join to issue annual update of SANS top 20 most critical internet vulnerabilities report.

The new report finds significant shifts in software being targeted by attackers.The SANS Top 20, produced since 2000, is the security experts’ consensus of the most critical security vulnerabilities. These vulnerabilities are the programming flaws, contained in popular software packages, that deserve immediate attention from security professionals, CIOs and auditors to protect Internet-connected systems from widespread attacks.

The 2005 Top 20 reflects a significant shift from prior years in cyber attack targets. For five years, the majority of attacks targeted operating systems like UNIX and Windows and Internet services like web servers and mail systems. In 2005, however, a new wave of attacks concentrated on application programs.

The most noticeable set of applications that are being targeted by attackers are the backup and recovery tools and the antivirus and other security tools that most organizations think are keeping them safe from attacks and from loss of data. Now many of those systems have been shown to have critical vulnerabilities.

A second important shift in the Top 20 is public recognition of the critical vulnerabilities that are found in network devices such as routers and switches that form the backbone of the Internet. Network devices often have on-board operating systems and can be programmed just like computers. Compromises of network devices can provide attackers one of the most fruitful latforms for eavesdropping and launching targeted attacks.

You can read the complete list here


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress