Monday, September 18, 2006

Web app vulns take over top spots

Web application security is where the action is, and here are more numbers to prove it.

Numbers from Mitre's CVE (via Steve Christey)
Cross-Site Scripting: Attackers' New Favorite Flaw
Web vulns top security threat index
Web flaws race ahead in 2006
Web app vulns go 1,2,3

"For 2006, 21.5 percent of the CVEs were XSS; 14 percent SQL injection; 9.5 percent php "includes" and 7.9 buffer overflow. Last year was the first time XSS jumped ahead of buffer overflows, with 16 percent; SQL injection accounted for 12.9 percent; and buffer overflows accounted for 9.8 percent."

Summarized Honeypot Compromises (2006)
All compromises were from web application security vulnerabilities or weak passwords.
