WASC Announcement: 2008 Web Application Security Statistics Published




The Web Application Security Consortium (WASC) is pleased to announce
the WASC Web Application Security Statistics Project 2008. This
initiative is a collaborative industry-wide effort to pool together
sanitized website vulnerability data and to gain a better understanding
about the web application vulnerability landscape.

The statistics were compiled from web application security assessment
projects which were made by the following companies in 2008 (in
alphabetic order):

* Blueinfy
* Cenzic with Hailstorm
* DNS with WebInspect
* Encription Limited
* HP Application Security Center with WebInspect
* Positive Technologies with MaxPatrol
* Veracode with Veracode Security Review
* WhiteHat Security with WhiteHat Sentinel

The statistics include data about 12186 sites with 97554 detected
vulnerabilities.

http://projects.webappsec.org/Web-Application-Security-Statistics

If you represent an organization that performs vulnerability assessments
on websites, particularly those in custom web applications, through a
manual or automated process and would like to participate, please let us
know. Please contact Sergey Gordeychik (gordey_at_ptsecurity.com).

Regards,
- Sergey Gordeychik
http://www.webappsec.org/ The Web Application Security Consortium

