Comments on Jeremiah Grossman: Web Application Security Professionals Survey (Jan. 2007)

Anonymous, 2007-09-30 11:45 (-07:00):
Nice survey, Jeremiah, like all your surveys. And I'm still waiting for a new one ;-).

I decided to draw your attention to some mistakes in the statistics.

Q1) total 99%, must be 100%.
Q3) total 98%, must be 100%.
Q4) total 101%, must be 100%.
Q5) total 99%, must be 100%.
Q6) total 99%, must be 100%.
Q9) total 94%, must be 100%.
The funniest: No Answer (5%), on the graph is 12% and must be 11%.
Q10) total 99%, must be 100%.

What was with you, dude? It is funky statistics :-). You really need to go back to school. When your children grow up, you must visit some lessons (math) with them ;-).

Jeremiah Grossman, 2007-01-19 09:18 (-08:00):
Thanks Jungsonn and jmitch. It's nice to have some "wisdom of the crowds" coming out of webappsec, isn't it?

Anonymous, 2007-01-19 09:12 (-08:00):
I am relatively new to the Security field (less than 2 yrs). This was great to read. It is nice to know I am on the right path for my 2007 goals. This is also greatly inspiring to continue a weekly commitment to keep up with and contribute to this level of expertise.

Anonymous (Jungsonn), 2007-01-19 08:17 (-08:00):
Excellent stuff Jeremiah, it sheds a real limelight on the field we're in.

"My Brain" with about 10.

Glad to see some with a brain also! :)

-Jungsonn.

Jeremiah Grossman, 2007-01-18 21:53 (-08:00):
Ahh man, I don't want to have to recount them! :) I do however remember the rough approximation.

Q11) The Top 3 were close, maybe about 15 - 20 votes each. Scaling down evenly from there. After about "XSS (Cross Site Scripting) Cheat Sheet", the numbers were 1 vote apiece.

Q12) Paros and Burp were very close with roughly 20 votes each, trailed by "My Brain" with about 10. Scaling down fairly evenly from there. After "Fiddler", 1 vote apiece.

Q13) XSS and CSRF were by far and away the most popular attacks cited. About 20 votes each. Web Worms wasn't too far behind that. And an even decline from there until Denial of Service, where it dropped off to 1 vote apiece.

Anonymous, 2007-01-18 14:01 (-08:00):
Can we get the distribution of Q11, 12, 13? I mean I'd like to know if 40 people said 'Paros' and also the repartition of tools :)

Jeremiah Grossman, 2007-01-18 11:19 (-08:00):
Q11, 12, and 13 are in order of popularity. Q14 and 15 are random.

Anonymous, 2007-01-18 11:09 (-08:00):
Were the replies to questions 11 - 15 in order of votes or just random?

Jeremiah Grossman, 2007-01-18 10:33 (-08:00):
Feb, maybe early Mar, we'll see. And no, absolutely no names or contact information is released. Basically it's to make sure no fake submissions come in.

Rick (kingthorin), 2007-01-18 09:49 (-08:00):
Dang, I found it a day late. Guess I'll have to wait for Feb.

Since you've asked people to submit their answers from Business accounts I'm assuming the addresses will never be shared or published?