Jeremiah Grossman: Web app vulnw take over top spots

Monday, September 18, 2006

Web app vulnw take over top spots

Web application security is where the action is and more numbers to prove it.

Numbers from Mitre's CVE (via Steve Christey)
Cross-Site Scripting: Attackers' New Favorite Flaw
Web vulns top security threat index
Web flaws race ahead in 2006
Web app vulns go 1,2,3

"For 2006, 21.5 percent of the CVEs were XSS; 14 percent SQL injection; 9.5 percent php "includes" and 7.9 buffer overflow. Last year was the first time XSS jumped ahead of buffer overflows, with 16 percent; SQL injection accounted for 12.9 percent; and buffer overflows accounted for 9.8 percent."

Summarized Honeypot Compromises (2006)
All compromises were from web application security vulnerabilties or weak passwords.

No comments:

Post a Comment

BIO

Jeremiah Grossman brings 20+ years of experience in Computer Security and has become one of the most recognizable and world-renowned cybersecurity experts in the industry, coining several of the original hacking terms commonly used around the world today. Early in his career, Jeremiah was known as “The Hacker Yahoo” which led to his role as the company’s Information Security Officer. Jeremiah founded WhiteHat Security (now Synopsis), and served as Chief of Security Strategy for SentinelOne which was the highest-valued cybersecurity IPO in history. Most recently, Jeremiah was the founder & CEO of Bit Discovery, which was acquired by Tenable in 2022. He also serves as a company advisor and board member to several tech startups. In his spare time, Jeremiah does Brazilian Jiu-Jitsu and is passionate about classic cars. He recently opened Toybox, a luxury car club in Boise, Idaho.