Find The Web's Worst Security Flaws
IT security and research organization The SANS Institute is releasing its annual Top 20 list of Internet security vulnerabilities this week, with the intention of offering organizations at least a starting point for addressing critical issues.
Source: PC World"When you tell your systems people to test for thousands of vulnerabilities, your enterprise comes to a stop. What the Top 20 does is give you a place to start your remediation each year," says SANS Director Alan Paller. The SANS list is compiled from recommendations by leading security researchers and companies around the world, from institutes such as the National Infrastructure Protection Center and the U.K.'s National Infrastructure Security Coordination Centre. The Top 20 is actually two lists of 10: the 10 most commonly exploited vulnerabilities in Windows and the 10 most commonly exploited vulnerabilities in Unix and Linux. Topping the Windows list is Web servers and services, while the Unix list leads with BIND domain name systems. While each entry represents a sometimes broad category, the more than 100 page SANS document then drills down into specific security holes in the categories, and instructions for correcting them.
0