funsec mailing list archives
Fwd: [Full-disclosure] WASC Announcement: 2007 Web Application Security Statistics Published
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Mon, 8 Sep 2008 20:01:08 GMT
What really got me in this report reflects the fact that 7.21% of websites can be SQL-injected automagically. More fun stuff in the report.

FYI,

- ferg

[forwarded message]

From: "Valery Marchuk" <tecklord () securitylab ru>
To: <full-disclosure () lists grok org uk>
Date: Mon, 8 Sep 2008 22:43:17 +0300

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape.

Goals

1. Identify the prevalence and probability of different vulnerability classes
2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

The statistics were compiled from web application security assessment projects which were made by the following companies in 2007 (in alphabetic order):

- Booz Allen Hamilton
- BT
- Cenzic with Hailstorm and ClickToSecure
- dblogic.it
- HP Application Security Center with WebInspect
- Positive Technologies with MaxPatrol
- Veracode with Veracode Security Review
- WhiteHat Security with WhiteHat Sentinel

The overall statistics include analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity.

The detailed information can be found here: http://www.webappsec.org/projects/statistics/

If you represent an organization that performs vulnerability assessments on websites, particularly those in custom web applications, through a manual or automated process and would like to participate, please let us know. Please contact Sergey Gordeychik (statistics_at_webappsec.org).

Regards,

- statistics_at_webappsec.org
http://www.webappsec.org/
The Web Application Security Consortium

[end]

-- 
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/