18 September 2008 | 5,027 views

Web Application Security Statistics for 2008

Cyber Raptors Hunting Your Data?

Purpose

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications, this project tries to be the equivalent for custom web applications

Goals

  1. Identify the prevalence and probability of different vulnerability classes
  2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

Methodology

The statistics was compiled from web application security assessment projects which were made by the following companies in 2007 (in alphabetic order):

Booz Allen Hamilton
BT
Cenzic with Hailstorm and ClickToSecure
dblogic.it
HP Application Security Center with WebInspect
Positive Technologies with MaxPatrol
Veracode with Veracode Security Review
WhiteHat Security with WhiteHat Sentinel

There’s some pretty interestesting statistics there.

Read the full report here:

http://www.webappsec.org/projects/statistics/

Advertisements



Recent in Web Hacking:
- Shadow Daemon – Web Application Firewall
- OWASP Zed Attack Proxy – Integrated Penetration Testing Tool
- Web Security Dojo 2.0 – Self-Contained Web Hacking Training

Related Posts:
- Web Application Security Consortium (WASC) 2008 Statistics Published
- Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
- Samurai Web Testing Framework 0.6 Released – Web Application Security LiveCD

Most Read in Web Hacking:
  • wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 650,838 views
  • Web Based E-mail (Hotmail Yahoo Gmail) Hack/Hacking with JavaScript - 309,835 views
  • Download youtube.com videos? - 156,149 views


  • Advertise on Darknet

    2 Responses to “Web Application Security Statistics for 2008”

    1. Nico 18 September 2008 at 7:02 pm Permalink

      I find that some vulnerabilities are under represented in these stats.

      For example, WSDL exposure is becoming more and more common in site that I had to test.

      Nico

    2. SpikyHead 21 September 2008 at 6:22 am Permalink

      Why can’t OWASP and WASc join hands to produce such reports especially when both are getting help from CVE MITRE to produce their reports.