Web Security Review: first half 2014

In 2014, 1.3 million people had their personal data stolen! Did you know that? In this first half of the year, 1 in 5 Internet users has already been the victim of personal information theft… HTTPCS is there to make you react.


Web security review in the first half of 2014

Graphic below in French translated into English:

More and more connected objects… more than 12 billion connected objects which also represents more web services or 1 billion searchable web applications

This logically creates more security flaws


Some attacks in 2014

Orange: 1.3 million people’s personal data stolen

Ebay: data leakage from the 145 million uses of the platform and other non-financial data

Domino’s pizza: Financial blackmail by hackers under penalty of disclosure of data from 650,000 customers

The security criteria of a website

Confidentiality, Integrity and availability are the three main security criteria of a site.

72% of websites are vulnerable*

  • 20% have critical vulnerabilities
  • 40% have a backdoor
  • 72% of sites are vulnerable
  • 15% are victims of data expropriation
  • 81% of mobile sites are vulnerable

Antivirus isn’t much use anymore**

The “hack” in detail

  • Forwards: white hat and black hat
  • Targets: individuals, governments and businesses
  • Objectives : Money, spying, identity theft and miscellaneous information
  • Vulnerabilities: people, software, hardware
  • Consequences: loss of data, bad reputation, loss of activity
  • Impacts: confidentiality, availability and integrity


Some key figures

  • One basket out of two is abandoned, 30% due to security problems
  • 83% of passwords are never changed
  • 33% of passwords are easy to find
  • 39% of users use the same password everywhere
  • 52% of sites do not encrypt client passwords
  • One in five Internet users has already been a victim of theft of personal information

The global cost of cybercrime is €327 billion, including €3.76 billion for identity theft.

Security approach

How to have a secure website approach :

  • Learn about common vulnerabilities, what they cause and how to deal with them
  • Detect vulnerabilities on your site
  • Repair challenged lines of code
  • And finally, a step that is often forgotten: keeping the program up to date by conducting a technology watch.

To know more about HTTPCS

*study conducted on a basis of 3,808,042 websites

**Statement by Brian Dye, Senior Vice President Symantec


attaques web 2014



Your email address will not be published.