Reports on Web Application Vulnerabilities
Two recent reports discuss the growth in web application vulnerabilities.
The latest Microsoft Security Intelligence Report, covering threats, vulnerability disclosures, exploits and malicious software in the first half of 2009, highlights, amongst many other things, the growth of automated SQL injection attacks. It is both broad and deep, with coverage of all types of software: operating systems, applications and web applications.
There is more detailed information about web application vulnerabilities in the previously discussed WASC Web Application Security Statistics and, to a certain extent, in the IBM X-Force Trend and Risk Report, which suggested that the growth of vulnerabilities in standard (off-the-shelf) web application software is beginning to plateau.
These figures do not include custom-developed Web applications or customized versions of these standard packages, which also introduce vulnerabilities.
The IBM report suggests that web application vulnerabilities account for around half of all vulnerability disclosures. These are mainly cross-site scripting (XSS), SQL injection, and file include vulnerabilities.
Posted on: 06 November 2009 at 07:37 hrs
