A Survey of Web Vulnerabilities

Abstract

This study tracked the patching characteristics of the top 100,000 sites to three vulnerabilities: the POODLE attack, the POODLE TLS attack, and the FREAK attack. The study also carried out a survey on top server administrators asking specific questions of the POODLE attack and general questions about an administrator's decision process. The goal was to identify how the web reacts and responds to known vulnerabilities in addition to finding characteristics and tendencies of secure websites. Our research found a slow, yet steady patching rate for all vulnerabilities for most sites. Additionally, our research found little evidence that a site vulnerable to one vulnerability would be vulnerable to another. Lastly, our research found that server administrators are not able to keep with the evolving world of web vulnerabilities due to greater concerns of compatibility and server up time.