WhiteHat Website Security Statistics Report

The WhiteHat Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address to avert attack. WhiteHat has been publishing the report, which highlights the top ten vulnerabilities, vertical market trends and new attack vectors, since 2006. The WhiteHat report presents a statistical picture of current website vulnerabilities, accompanied by WhiteHat expert analysis and recommendations. WhiteHat’s report is the only one in the industry to focus solely on unknown vulnerabilities in custom Web applications, code unique to an organization, within real-world websites.

Fall 2009 – 8th Edition – Website Security Statistics ReportDownload a PDF of the the report ››› PDF
Download a PDF of the presentation (1.9 MB PDF) ››› PDF
Listen to the presentation (53 minutes) ››› WebEx

The fact that the vast majority of websites, including those considered most business critical, are riddled with vulnerabilities is common knowledge to regular readers of this report. Essentially, every other industry report available unanimously agrees Web applications represent the #1 avenue of attack. Unfortunately, what is not well-known is exactly what are the most efficient steps to measurably improve the security posture of an existing website, or one soon to be built. Ironically, there is no shortage of security best-practice recommendations, despite a dearth of metrics to justify the investment. So, enterprises are left to guess, and hope their actions actually decrease the likelihood and impact of an incident.

WhiteHat Security would like to continue its long track record of bringing meaningful metrics to the fore and shedding new light on “what works.” We believe the data gathered by WhiteHat Security contains valuable lessons from those that are “more secure” than rest. In this report we have introduced a new section, Zero-Vulnerability, which is a first-look at various websites which do not currently or have never had serious issues. The goal of this new section is to begin exploring what differences they may have, if any, from those sites which do – have vulnerabilities. What can they teach us about the best-practices they use and how outcomes are affected? Does implementing certain controls equally affect all vulnerabilities in the same way, on the same timeline, or are the results less consistent?

We can make no claim to answer all these questions immediately in this edition of the report, but there are some very interesting observations already. From this point forward, we will continue the process of peeling back the layers so we can ask better questions, and field questions from our readership, and questions from our customers. We are confident that over time new ways of understanding, prioritizing, and addressing Web application security issues will be made readily apparent.

Key Findings

  • 83% of websites have had at least one serious vulnerability
  • 64% of websites currently have at least one serious vulnerability
  • 61% vulnerability resolution-rate with 8,902 unresolved issues remaining
  • Average # of serious vulnerabilities per website during the WhiteHat
    Sentinel assessment lifetime: 16.7
  • Average # of serious severity unresolved vulnerabilities per website: 6.5
  • The vulnerability characteristics of websites currently without any serious issues

Spring 2009 – 7th Edition – Website Security Statistics ReportDownload a PDF of the the report ››› PDF
Listen to the presentation (46 minutes) ››› WebEx
Download a PDF of the presentation (1.3 MB PDF) ››› PDF

December 2008 – 6th Edition – Website Security Statistics ReportDownload a PDF of the the report ››› PDF
Listen to the presentation (55 minutes) ››› WebEx
Download a PDF of the presentation (1.3 MB PDF) ›››PDF

August 2008 – 5th Edition – Website Security Statistics Report

Listen to the presentation ( 68 minutes) ››› WebEx
Download a PDF of the presentation (849 KB PDF) ›››PDF
Download a PDF of the the report ››› PDF

March 2008 – 4th Edition – Website Security Statistics Report

Listen to the presentation (65 minutes) ››› WebEx
Download a PDF of the presentation (849 KB PDF) ››› PDF
Download a PDF of the the report ››› PDF

Past Editions Website Security Statistics Report

October 2007 – 3rd Edition – Website Security Statistics Report
Download a PDF of the report ›››PDF

April 2007 – 2nd Edition – Website Security Statistics Report
Download a copy of the report PDF ›››

January 2007 – 1st Edition – Website Security Statistics Report
Download a copy of the report PDF ›››

 

Web security is a moving target and enterprises need timely information about the latest attack trends, how they can best defend their websites, and visibility into their vulnerability lifecycle. Through its Software-as-a-Service (SaaS) offering, WhiteHat Sentinel, WhiteHat Security is uniquely positioned to deliver the knowledge and solutions that organizations need to protect their brands, attain PCI compliance and avert costly breaches.

The WhiteHat Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address to safely conduct business online. WhiteHat has been publishing the report, which highlights the top ten vulnerabilities, tracks vertical market trends and identifies new attack techniques, since 2006.

The WhiteHat Security report presents a statistical picture of current website vulnerabilities, accompanied by WhiteHat expert analysis and recommendations. WhiteHat’s report is the only one in the industry to focus solely on unknown vulnerabilities in custom Web applications, code unique to an organization, within real-world websites.

 

 

 
 

 
Website Risk Management  |  Sentinel Services  |  Support Plus  |  Education Services  |  Events & News  |   Resources  |   Partners  |   About WhiteHat
2010 © Copyright  |  WhiteHat Security, Inc.  |  3003 Bunker Hill Lane, Santa Clara, CA 95054  |  408.343.8300  |  Contact the Webmaster