US retailers are more at risk of web app attacks compared to EU-based retailers. These are data revealed in the 2020 report on web application security for retail and e-commerce Outpost24. The company cyber security calculated that the web applications used by retailers in the US had an overall average risk rating of 35, while the corresponding risk for their EU counterparts was 31.
In particular, retailers in the US were found to have a wider area attack, running more exposed web applications (3.357) compared to those in the EU (2.799). Nevertheless, retailers in the EU had a higher percentage of applications they use, in which they were located vulnerabilities (27%), compared to those based in the US (22%).
The biggest attackers for both US and EU retailers were security mechanisms, with a risk exposure score of 99 and 90,5, respectively, according to the report. The researchers noted that the use of HTTP website and the unlimited access on an unsafe site would contribute to a higher attack risk score.
The second largest attacker is active content, with risk ratings of 88 or higher calculated for both US and EU retailers. The third largest attacker was the distribution rating, for which all retailers had a rating above 77,9. According to Outpost24, this is due to the difficulty of securing all product pages that are usually located on large sites E-commerce.
According to Infosecurity Magazine, the report also found that a large percentage of retailers (90% in the EU and 50% in the US) currently run outdated publications JQuery in their applications, which may expose them to scripting attacks targeting their sites. For example, it was revealed that almost 2.000 stores e-commerce with the popular software Magento were attacked over a weekend in September.