June 7, 2010

Web application vulnerability statistics 2009

Many years’ assessment practice of the PT Research analytic center and the experience of the Positive Technologies company in penetration testing and information security auditing show that errors in web application protection still are among the most common information security shortcomings. Moreover, web application vulnerabilities represent one of the most widespread ways for attackers to penetrate into enterprise information systems; there is a great number of factors that make web services an attractive target for attacks.

When designing applications, developers usually aim their best efforts at functionality implementation; the problems of information security and code quality are given short shrift. As a result, the overwhelming majority of web applications contain vulnerability of various risk levels.