Web Application Security Consortium (WASC) 2008 Statistics Published

Use Netsparker


The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications, this project tries to be the equivalent for custom web applications.

Goals

  1. Identify the prevalence and probability of different vulnerability classes.
  2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

The statistics was compiled from web application security assessment projects which were made by the following companies in 2008 (in alphabetic order):

  • Blueinfy
  • Cenzic with Hailstorm
  • DNS with WebInspect
  • Encription Limited
  • HP Application Security Center with WebInspect
  • Positive Technologies with MaxPatrol
  • Veracode with Veracode Security Review
  • WhiteHat Security with WhiteHat Sentinel

The statistics includes data about 12186 sites with 97554 detected vulnerabilities. The report contains Web application vulnerability statistics which was collected during penetration testing, security audits and other activities made by companies which were members of WASC in 2008. The statistics includes data about 12186 sites with 97554 detected vulnerabilities.

You can find the full study here:

Web Application Security Statistics

Posted in: Exploits/Vulnerabilities, Web Hacking

, , , ,


Latest Posts:


RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.
Powershell-RAT - Gmail Exfiltration RAT Powershell-RAT – Gmail Exfiltration RAT
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.
SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants etc.
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.


Comments are closed.