Wednesday, October 21, 2009

Reports, Web Application Security Statistics

Web Application Security Consortium (WASC) released statistics from 2008 project, the goals are:

  1. Identify the prevalence and probability of different vulnerability classes.
  2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

They have scanned over 12,000 web site, resulting in 4 data sets:
  • Overall statistics by all kinds of activities;
  • Automatic scanning statistics;
  • Black box method security assessment statistics;
  • White box method security assessment statistics.

The report is available here.

No comments: