Common culprits include architectural flaws, design flaws and insecure application configurations. Overall, Cenzic pointed the finger at 1,561 unique vulnerabilities in a host of highly popular applications, ranging from Adobe Acrobat’s Reader to Google Desktop and IBM Websphere.

“The most surprising factor is that the majority of companies are vulnerable. And we’re talking here about the crème de la crème Fortune 2000 companies – so I dread to think what is happening with other smaller companies around the world,” says Mandeep Khera, vice-president of marketing for Cenzic.

“It’s a huge problem for financial services firms. They, together with e-retail firms, are the number one target. Because like Al Capone said, that’s where the money is,” he adds.

The most prevalent vulnerabilities are file inclusion, SQL injection, cross-site scripting and directory traversal, totaling 63 percent. The majority of vulnerabilities affected Web servers, Web applications and Web browsers.

And Cenzic says the bulk of these vulnerabilities are easily exploitable. In other words, hackers don’t have to be pros.

Vulnerabilities were found on Adobe Acrobat Reader, Google Desktop, IBM Websphere, IBM Rational ClearQuest Web 7.0, Lotus Domino’s Active Content Filter, the Sun Java Access Manager, Apache Tomcat and BEA WebLogic, to name but a few.

Khera says the main problem is lack of awareness and education. “Most high-level executives don’t know what application security means,” he points out.

When companies use thousands of applications they often lack the resources to fix problems in every single one, Khera adds.

Then again, what if developers working for software giants made sure their new programs didn’t have any security loopholes in the first place?