The FBI’s National Infrastructure Protection Center and the SANS Institute, a research and education organisation made up of US government, corporate and academic experts, have named their annual top 20 security vulnerabilities “most often exploited by hackers.”
The FBI and the SANS Institute said in a joint statement that the initiative “establishes a benchmark for internet users and business partners to employ in requesting information about the security status of organisations they need to trust.”
The top-ranked vulnerability is the failure by web servers to handle “unanticipated requests,” a problem which can be exploited by a remote attacker to view the source code of scripted applications or view files the web server has been instructed not to serve, such as confidential data. Other problems that are named in the list leave businesses open to denial of service attacks.
A list of the Top Twenty vulnerabilities and protection instructions (for both Windows and Unix operating systems) is available from:
www.sans.org/top20/