Web Security Reports

WhiteHat Website Security Statistics Report

The WhiteHat Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address to avert attack. WhiteHat has been publishing the report, which highlights the top ten vulnerabilities, vertical market trends and new attack vectors, since 2006. The WhiteHat report presents a statistical picture of current website vulnerabilities, accompanied by WhiteHat expert analysis and recommendations. WhiteHat’s report is the only one in the industry to focus solely on unknown vulnerabilities in custom Web applications, code unique to an organization, within real-world websites.

WhiteHat Security Reveals New Trends in Web Vulnerabilities with Annual Website Security Statistics Report

Download a PDF of the Report (Registration Required) ›› PDF

WhiteHat’s Website Security Statistics Report (13th Edition) provides a unique perspective on the state of website security and the issues that organizations must address to avert attack.

In addition to highlighting the Top 10 vulnerabilities, vertical market trends and new attack vectors, this year’s report for the first time correlates vulnerability data from tens of thousands of websites from more than 650 organizations, continually monitored by WhiteHat Sentinel Services, with software development lifecycle (SDLC) activity data obtained from 76 survey respondents.

Key findings include:

From a vulnerability class perspective, the research team made these discoveries:

  • Cross-Site Scripting regains the number one spot after being overtaken by Information Leakage last year in all but one language. .NET has Information Leakage as the number one vulnerability, followed by Cross-Site Scripting.
  • ColdFusion has a rate of 11% SQL Injection vulnerabilities, the highest observed, followed by ASP with 8% and .NET with 6%.
  • Perl has an observed rate of 67% Cross-Site Scripting vulnerabilities, over 17% more than any other language.
  • There was less than a 2% difference among the languages with Cross-Site Request Forgery.
  • Many vulnerability classes were not affected by language choice.

*Serious vulnerabilities are defined as those in which an attacker could take control over all, or some part, of the website, compromise user accounts on the system, access sensitive data, violate compliance requirements, and possibly make headline news. In short, serious vulnerabilities are those that should really be fixed.

Click Here for the Full Report

Click Here for an On-Demand Webinar with Jeremiah Grossman: WhiteHat Website Security Statistics Report 2013 Revealed ›› PDF

Past Editions of the Website Security Statistics Report

Fall 2014 – 13th Edition – Website Security Statistics Report
Download a PDF of the report (4 MB) ››› PDF

Winter 2012 – 12th Edition – Website Security Statistics Report
Download a PDF of the report (4 MB) ››› PDF

Winter 2011 – 11th Edition – Website Security Statistics Report
Download a PDF of the report (5.2 MB) ››› PDF

Fall 2010 – 10th Edition – Website Security Statistics Report
Listen to the presentation (50 minutes) ››› WebEx
Download a PDF of the report ››› PDF
Download a PDF of the presentation (2 MB PDF) ››› PDF

Spring 2010 – 9th Edition – Website Security Statistics Report
Listen to the presentation (43 minutes) ››› WebEx
Download a PDF of the report ››› PDF
Download a PDF of the presentation (2.2 MB PDF) ››› PDF

Fall 2009 – 8th Edition – Website Security Statistics Report
Listen to the presentation (53 minutes) ››› WebEx
Download a PDF of the report ››› PDF
Download a PDF of the presentation (1.9 MB PDF) ››› PDF

Spring 2009 – 7th Edition – Website Security Statistics Report
Listen to the presentation (46 minutes) ››› WebEx
Download a PDF of the report ››› PDF
Download a PDF of the presentation (1.3 MB PDF) ››› PDF

"Website security is an ever-moving target, and organizations need to better understand how various parts of the SDLC affect the introduction of vulnerabilities, which leave the door open to breaches. This report – comprising survey and website vulnerability data – is the first time we can correlate various software security controls and SDLC behaviors to vulnerability outcomes and breaches. The results are both insightful and complex."

– Jeremiah Grossman, Founder & CTO, WhiteHat Security


3970 Freedom Circle, Santa Clara, CA 95054 | 408.343.8300 |
2014 © Copyright | WhiteHat Security