State of the Web Report 2016

1 point

9 years ago

Translation of key points from respected German IT magazine heise.de [1] about Menlo Security's paywalled web security report [2] published today:

- top vulnerable web server is nginx 1.8.0 followed by IIS 7.5

- vulnerabilities (mostly phishing) not limited to porn or other sites with questionable content; use of foreign content (ads, cdns) main vector for phishing attacks (who would've thought?)

- recommends to always use ad blockers; also recommends to use HTML subresource integrity feature to web developers

While most points aren't surprising, I'd expected nginx to have a better security record.

[1] https://www.heise.de/newsticker/meldung/State-of-the-Web-2016-Jede-zweite-Website-ist-ein-Sicherheitsrisiko-3569114.html (in German)

[2] https://www.menlosecurity.com/state-of-the-web-ig-lp-2016