WhiteHat Security, the Web security company, today released the twelfth installment of the WhiteHat Security Website Security Statistics Report. The report reviewed serious vulnerabilities* in websites during the 2011 calendar year, examining the severity and duration of the most critical vulnerabilities from 7,000 websites across major vertical markets. Among the findings in the report, WhiteHat research suggests that the average number of serious vulnerabilities found per website per year in 2011 was 79, a substantial reduction from 230 in 2010 and down from 1,111 in 2007. Despite the significant improvement in the state of website security, organizational challenges in creating security programs that balance breadth of coverage and depth of testing leave large-scale attack surfaces or small, but very high-risk vulnerabilities open to attackers.
The report examined data from more than 7,000 websites across over 500 organizations that are continually assessed for vulnerabilities by WhiteHat Security’s family of Sentinel Services. This process provides a real-world look at website security across a range of vertical markets, including findings from the energy and non-profit verticals for the first time this year. The metrics provided serve as a foundation for improving enterprise application security online.