The Greek company SYNTAX has just published a report on the prevalence of security vulnerabilities in web applications. These results are interesting because they provide yet another insight into the prevalence and impact of application vulnerabilities in the real world, a topic that I discussed in more detail a few months ago (Most common attacks on web applications).
SYNTAX results summary:
- From the web applications tested, 1 out of 4 (24.77%) suffer from Platform Security Misconfiguration.
- A very large portion of vulnerabilities identified (16.21%) affect Data Validation and Encoding issues.
- An equal number of vulnerabilities affects the Communications’ Security (14.98%) and the Session Management (14.68%) of the web applications.
- The majority of vulnerabilities identified in mobile applications affect the handling and storage of the data (37.50%).
- The dominant section of source code vulnerabilities affects the Input Validation (25.78%).

The report: http://syntax.gr/2011/banners/Syntax%20App%20Sec%20AnnualReport.pdf

As one of the co-authors suggested privately, these results are based on analysis of around 100-200 websites.