• ::  Contact a Representative  ::  Information Center   ::  Contact WhiteHat  ::

• Home
• Sentinel Services
• Education Services
• Events & Webinars
• In the News
• Resources
•    Whitepapers
•    Videos & Presentations
•    Jeremiah Grossman Blog
•    Statistics Report
•    Sentinel Update
• Real-World Solutions
• Partners
• Support
• About WhiteHat

WhiteHat Security Website Security Statistics Report ::

March 2008 Edition

Web application layer attacks continue unabated. The issue is gaining awareness in the media and the enterprise as attacks become more targeted and organizations seek solutions.

After two years of examining the state of website security in this report, we have seen the number and type of website attacks continue to rise. That means more sensitive information including social security numbers, credit card, names, addresses, birth dates, financial records, trade secrets, medical data are at risk than ever before. This data must be rigorously protected to reduce the risk of financial losses, brand damage, theft of intellectual property, legal liability and fines.

Vulnerability Prevalence by Severity Rating
While nine in ten websites have at least one vulnerability, this metric alone doesn’t necessarily place a company or its data at serious risk, as these could include low severity issues. The fact is not all vulnerabilities are created equal, making it important to consider the “severity” of an issue and not just raw numbers. Using the Payment Card Industry Data Security Standard11 (PCI-DSS) severity system (Urgent, Critical, High, Medium, Low) as a baseline, WhiteHat Security ranks vulnerability severity by the potential business impact if the issue were to be exploited. It should also be noted that according the PCI-DSS, any websites with URGENT, CRITICAL, or HIGH severity issues are considered non-compliant... More ›››

Listen to the presentation* ››› (65 minutes)
Download a PDF of the presentation ››› (849 KB PDF)
Download a PDF of the the report ›››

October 2007 Edition

WhiteHat Sentinel is a customer controlled and expert managed service providing website vulnerability assessments on an ongoing basis. Customers subscribe annually, and weekly hundreds of the largest and most popular public-facing and pre-production websites are analyzed for vulnerabilities using our unique methodology and three-phase process. Our proprietary technology scans technical vulnerabilities, our experts creates custom checks for each website in the platform to uncover business logic flaws, and all results are verified to remove false-positives. As the only company with access to this amount of website vulnerability data, we can accurately identify which issues are the most prevalent and then trend across major vertical markets including retail, financial, insurance, healthcare and IT industries... Register to download a PDF copy of the report. ›››

April 2007 Edition The Web application layer is the top target for malicious online attacks. The prevalence of website vulnerabilities undoubtedly contributes to this trend, along with the relative ease with which criminals are able to monetize and exploit their illegal activity. Indeed, many of the largest incidents are a direct result of exploitation of Web application vulnerabilities. Enterprises that want to reduce the risk of financial losses, brand damage, theft of intellectual property, legal liability and fines need to remain informed about how websites are able to be penetrated and how they can best be defended. WhiteHat Security is in a unique position to compile this data and put it to work. Our second release of the Web Application Security Risk Report continues to deliver actionable information and raise awareness about the vulnerabilities in custom Web applications... Register to download a copy of the report. ›››

January 2007 Edition Register to download a copy of the report ›››

• :: 2008 © Copyright WhiteHat Security, Inc.  ::  408.343.8300   ::   3003 Bunker Hill Lane, Santa Clara, CA 95054   ::   Contact the Webmaster   ::