[ad]<\/p>\n
Purpose<\/strong><\/p>\n The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications, this project tries to be the equivalent for custom web applications<\/p>\n Goals<\/strong><\/p>\n Methodology<\/strong><\/p>\n The statistics was compiled from web application security assessment projects which were made by the following companies in 2007 (in alphabetic order):<\/p>\n Booz Allen Hamilton There’s some pretty interestesting statistics there.<\/p>\n Read the full report here:<\/p>\n <\/p>\n\n
\nBT
\nCenzic with Hailstorm and ClickToSecure
\ndblogic.it
\nHP Application Security Center with WebInspect
\nPositive Technologies with MaxPatrol
\nVeracode with Veracode Security Review
\nWhiteHat Security with WhiteHat Sentinel<\/p>\n