WEBSITE SECURITY STATISTICS REPORT | MAY 2013 1WEBSITE SECURITYSTATISTICS REPORTMAY 2013
WEBSITE SECURITY STATISTICS REPORT | MAY 20132INTRODUCTIONWhiteHat Security’s Website Security Statistics Report provides ...
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 3NEXECUTIVE SUMMARY
WEBSITE SECURITY STATISTICS REPORT | MAY 20134
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 5
WEBSITE SECURITY STATISTICS REPORT | MAY 20136
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 7KEY FINDINGS
WEBSITE SECURITY STATISTICS REPORT | MAY 20138
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 9200710008004006002002008 2009 2009 2010 2011AT A GLANCE:THE CURRENT STATE O...
WEBSITE SECURITY STATISTICS REPORT | MAY 201310
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 11
WEBSITE SECURITY STATISTICS REPORT | MAY 201312
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 13
WEBSITE SECURITY STATISTICS REPORT | MAY 201314
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 15MOST COMMON VULNERABILITIES
WEBSITE SECURITY STATISTICS REPORT | MAY 201316
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 17
WEBSITE SECURITY STATISTICS REPORT | MAY 201318
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 19Cross-Site ScriptingInformation LeakageContent SpoofingCross-Site Request ...
WEBSITE SECURITY STATISTICS REPORT | MAY 201320C-level executives, managers, and software developers often ask their secur...
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 21MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT O...
WEBSITE SECURITY STATISTICS REPORT | MAY 201322MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT OF...
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 23MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT O...
WEBSITE SECURITY STATISTICS REPORT | MAY 201324MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT OF...
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 25MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT O...
WEBSITE SECURITY STATISTICS REPORT | MAY 201326SURVEY
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 27
WEBSITE SECURITY STATISTICS REPORT | MAY 201328(Figure 7) (Figure 8)
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 29(Figure 9)
WEBSITE SECURITY STATISTICS REPORT | MAY 201330(Figure 11).(Figure 10)
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 31
WEBSITE SECURITY STATISTICS REPORT | MAY 201332(Figure 14) (Figure 15)
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 33(Figure 16) (Figure 17)(Figure 18)
WEBSITE SECURITY STATISTICS REPORT | MAY 201334(Figure 20)
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 35(Figure 24)(Figure 21) (Figure 22)(Figure 23)
WEBSITE SECURITY STATISTICS REPORT | MAY 201336Figure 25).
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 37
WEBSITE SECURITY STATISTICS REPORT | MAY 201338
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 39Answer:SOFTWAREDEVELOPMENTAnswer:SECURITYDEPARTMENTAnswer:BOARD OF DIRECTO...
WEBSITE SECURITY STATISTICS REPORT | MAY 201340
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 41
WEBSITE SECURITY STATISTICS REPORT | MAY 201342
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 43
WEBSITE SECURITY STATISTICS REPORT | MAY 201344
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 45
WEBSITE SECURITY STATISTICS REPORT | MAY 201346(Figure 37). (Figure 38).(Figure 39). (Figure 40).
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 47RECOMMENDATIONS
WEBSITE SECURITY STATISTICS REPORT | MAY 201348
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 49
WEBSITE SECURITY STATISTICS REPORT | MAY 201350
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 51•••••
WEBSITE SECURITY STATISTICS REPORT | MAY 201352
WEBSITE SECURITY STATISTICS REPORT | MAY 2013 53Top 10 Vulnerability Classes (2011)(Sorted by vulnerability class)Overall ...
Upcoming SlideShare
Loading in …5
×

WhiteHat Security WEBSITE SECURITY STATISTICS REPORT MAY 2013

383 views

Published on

Jeremiah Grossman and Gabriel Gumbs the WhiteHat Security Website Security Statistics Report, MAY 2013

The WhiteHat Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address to avert attack. WhiteHat has been publishing the report, which highlights the top ten vulnerabilities, vertical market trends and new attack vectors, since 2006. The WhiteHat report presents a statistical picture of current website vulnerabilities, accompanied by WhiteHat expert analysis and recommendations. WhiteHat’s report is the only one in the industry to focus solely on unknown vulnerabilities in custom Web applications, code unique to an organization, within real-world websites.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
383
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

WhiteHat Security WEBSITE SECURITY STATISTICS REPORT MAY 2013

  1. 1. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 1WEBSITE SECURITYSTATISTICS REPORTMAY 2013
  2. 2. WEBSITE SECURITY STATISTICS REPORT | MAY 20132INTRODUCTIONWhiteHat Security’s Website Security Statistics Report provides a one-of-a-kind perspective on the state ofwebsite security and the issues that organizations must address in order to conduct business online safely.Website security is an ever-moving target. New website launches are common, new code is releasedconstantly, new Web technologies are created and adopted every day; as a result, new attack techniques arefrequently disclosed that can put every online business at risk. In order to stay protected, enterprises mustreceive timely information about how they can most efficiently defend their websites, gain visibility into theperformance of their security programs, and learn how they compare with their industry peers. Obtainingthese insights is crucial in order to stay ahead and truly improve enterprise website security.To help, WhiteHat Security has been publishing its Website Security Statistics Report since 2006. This reportis the only one that focuses exclusively on unknown vulnerabilities in custom Web applications, code thatis unique to an organization, and found in real-world websites. The underlying data is hundreds of terabytesin size, comprises vulnerability assessment results from tens of thousands of websites across hundreds of themost well-known organizations, and collectively represents the largest and most accurate picture of websitesecurity available. Inside this report is information about the most prevalent vulnerabilities, how many getfixed, how long the fixes can take on average, and how every application security program may measurablyimprove. The report is organized by industry, and is accompanied by WhiteHat Security’s expert analysis andrecommendations.Through its Software-as-a-Service (SaaS) offering, WhiteHat Sentinel, WhiteHat Security is uniquely positionedto deliver the depth of knowledge that organizations require to protect their brands, attain compliance, andavert costly breaches.ABOUT WHITEHAT SECURITYFounded in 2001 and headquartered in Santa Clara, California, WhiteHat Security provides end-to-endsolutions for Web security. The company’s cloud website vulnerability management platform and leadingsecurity engineers turn verified security intelligence into actionable insights for customers. Through acombination of core products and strategic partnerships, WhiteHat Security provides complete Web securityat a scale and accuracy unmatched in the industry. WhiteHat Sentinel, the company’s flagship product line,currently manages more than 15,000 websites – including sites in the most regulated industries, such as tope-commerce, financial services and healthcare companies.
  3. 3. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 3NEXECUTIVE SUMMARY
  4. 4. WEBSITE SECURITY STATISTICS REPORT | MAY 20134
  5. 5. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 5
  6. 6. WEBSITE SECURITY STATISTICS REPORT | MAY 20136
  7. 7. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 7KEY FINDINGS
  8. 8. WEBSITE SECURITY STATISTICS REPORT | MAY 20138
  9. 9. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 9200710008004006002002008 2009 2009 2010 2011AT A GLANCE:THE CURRENT STATE OF WEBSITE SECURITY
  10. 10. WEBSITE SECURITY STATISTICS REPORT | MAY 201310
  11. 11. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 11
  12. 12. WEBSITE SECURITY STATISTICS REPORT | MAY 201312
  13. 13. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 13
  14. 14. WEBSITE SECURITY STATISTICS REPORT | MAY 201314
  15. 15. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 15MOST COMMON VULNERABILITIES
  16. 16. WEBSITE SECURITY STATISTICS REPORT | MAY 201316
  17. 17. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 17
  18. 18. WEBSITE SECURITY STATISTICS REPORT | MAY 201318
  19. 19. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 19Cross-Site ScriptingInformation LeakageContent SpoofingCross-Site Request ForgeryBrute ForceInsufficient Transport Layer ProtectionInsufficient AuthorizationSQLOther43%11%7%12%13%injection
  20. 20. WEBSITE SECURITY STATISTICS REPORT | MAY 201320C-level executives, managers, and software developers often ask their security teams, “How arewe doing? Are we safe, are we secure?” The real thing they may be asking for is a sense of howthe organization’s current security posture compares to their peers or competitors. They wantto know if the organization is leading, falling way behind, or is somewhere in between withrespect to their security posture. The answers to that question are extremely helpful for progresstracking and goal setting.What many do not first consider is that some organizations (or particular websites) are ‘targetsof opportunity,’ while others are ‘targets of choice.’ Targets of opportunity are breached whentheir security posture is weaker than the average organization (in their industry) – and they getunlucky in the total pool of potential victims. Targets of choice possess some type of uniqueand valuable information, or perhaps a reputation or brand that is particularly attractive to amotivated attacker. The attackers know precisely whom – or what – they want to penetrate.Here’s the thing: since ‘100% security’ is an unrealistic goal – mostly because it is flatlyimpossible, and the attempt is prohibitively expensive and for many completely unnecessary– it is imperative for every organization to determine if they most likely represent a target ofopportunity or choice. In doing so an organization may establish and measure against a “secureenough” bar.If an organization is a target of opportunity, a goal of being just above average with respect towebsite security among peers is reasonable. The bad guy will generally prefer to attack weaker,and therefore easier to breach, targets. On the other hand, if an organization is a target ofchoice, that organization must elevate its website security posture to a point where an attacker’sefforts are detectable, preventable, and in case of a compromise, survivable. This is due to thefact that an adversary will spend whatever time is necessary looking for gaps in the defenses toexploit.Whether an organization is a target of choice or a target of opportunity, the following IndustryScorecards have been prepared to help organizations to visualize how its security posturecompares to its peers (provided they know their own internal metrics, of course).INDUSTRY SCORECARDS
  21. 21. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 21MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT OF SERIOUS*VULNERABILITIESTHAT HAVE BEEN FIXEDAVERAGE TIMETO FIXPERCENT OF ANALYZEDSITES WITH A SERIOUS*VULNERABILITYAVERAGE NUMBER OFSERIOUS* VULNERABILITIESPER SITE PER YEAR81%54%107DAYS11Cross-SiteScripting*InformationLeakage*ContentSpoofing*Cross-SiteRequest Forgery*Brute Force* Fingerprinting* InsufficientAuthorization*30%20%10% 26% 21% 9% 9% 8% 8% 5%Banking Industry ScorecardApril 201324% 33% 9% 11% 24%THE CURRENTSTATE OFWEBSITE SECURITYTOP SEVENVULNERABILITYCLASSESCURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLSUSED BY ORGANIZATIONS*The percent of sites that had at least one example of...*Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIESProgrammers receive instructor led or computer-based software security trainingApplications contain a library or framework that centralizes and enforces security controlsPerform Static Code Analysis on their website(s) underlying applicationsWeb Application Firewall DeployedTransactional / Anti-Fraud Monitoring System Deployed80%100%60%40%20% 57% 29%57%29% 71%24% Always Vulnerable33% Frequently Vulnerable 271-364 days a year9% Regularly Vulnerable 151-270 days a year11% Occasionally Vulnerable 31-150 days a yearRarely Vulnerable 30 days or less a year
  22. 22. WEBSITE SECURITY STATISTICS REPORT | MAY 201322MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT OF SERIOUS*VULNERABILITIESTHAT HAVE BEEN FIXEDAVERAGE TIMETO FIXPERCENT OF ANALYZEDSITES WITH A SERIOUS*VULNERABILITYAVERAGE NUMBER OFSERIOUS* VULNERABILITIESPER SITE PER YEAR81%67%226DAYS50Cross-SiteScripting*InformationLeakage*ContentSpoofing*SQL injection*Cross-Siterequest Forgery*Brute Force* DirectoryIndexing*30%20%10% 31% 25% 12% 9% 8% 7% 7%Financial ServicesIndustry ScorecardTHE CURRENTSTATE OFWEBSITE SECURITYTOP SEVENVULNERABILITYCLASSESCURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLSUSED BY ORGANIZATIONS*The percent of sites that had at least one example of...*Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIESProgrammers receive instructor led or computer-based software security trainingApplications contain a library or framework that centralizes and enforces security controlsPerform Static Code Analysis on their website(s) underlying applicationsWeb Application Firewall DeployedTransactional / Anti-Fraud Monitoring System Deployed80%100%60%40%20% 64% 70%50%50% 40%28% Always Vulnerable38% Frequently Vulnerable 271-364 days a year10% Regularly Vulnerable 151-270 days a year10% Occasionally Vulnerable 31-150 days a year23% Rarely Vulnerable 30 days or less a year28% 28% 10% 10% 23%
  23. 23. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 23MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT OF SERIOUS*VULNERABILITIESTHAT HAVE BEEN FIXEDAVERAGE TIMETO FIXPERCENT OF ANALYZEDSITES WITH A SERIOUS*VULNERABILITYAVERAGE NUMBER OFSERIOUS* VULNERABILITIESPER SITE PER YEAR90%53%276DAYS22Cross SiteScripting*InformationLeakage*ContentSpoofing*Brute Force*InsufficentTransportLayer Protection*Cross SiteRequestForgery*SessionFixation*30%20%10% 40% 29% 22% 13% 12% 10% 9%Healthcare Industry ScorecardApril 2013THE CURRENTSTATE OFWEBSITE SECURITYTOP SEVENVULNERABILITYCLASSESCURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLSUSED BY ORGANIZATIONS*The percent of sites that had at least one example of...*Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIESProgrammers receive instructor led or computer-based software security trainingApplications contain a library or framework that centralizes and enforces security controlsPerform Static Code Analysis on their website(s) underlying applicationsWeb Application Firewall DeployedTransactional / Anti-Fraud Monitoring System Deployed80%100%60%40%20% 67% 67%83%50% 34%48% Always Vulnerable22% Frequently Vulnerable 271-364 days a year12% Regularly Vulnerable 151-270 days a year7% Occasionally Vulnerable 31-150 days a year10% Rarely Vulnerable 30 days or less a year49% 22% 12% 7% 10%
  24. 24. WEBSITE SECURITY STATISTICS REPORT | MAY 201324MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT OF SERIOUS*VULNERABILITIESTHAT HAVE BEEN FIXEDAVERAGE TIMETO FIXPERCENT OF ANALYZEDSITES WITH A SERIOUS*VULNERABILITYAVERAGE NUMBER OFSERIOUS* VULNERABILITIESPER SITE PER YEAR91 %54%224DAYS106Cross SiteScripting*InformationLeakage*ContentSpoofing*Brute Force* SQL Injection*Cross SiteRequestForgery*DirectoryIndexing*30%20%10% 31% 25% 12% 9% 8% 7% 7%Retail Industry ScorecardApril 2013THE CURRENTSTATE OFWEBSITE SECURITYTOP SEVENVULNERABILITYCLASSESCURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLSUSED BY ORGANIZATIONS*The percent of sites that had at least one example of...*Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIESProgrammers receive instructor led or computer-based software security trainingApplications contain a library or framework that centralizes and enforces security controlsPerform Static Code Analysis on their website(s) underlying applicationsWeb Application Firewall DeployedTransactional / Anti-Fraud Monitoring System Deployed80%100%60%40%20% 73% 60%90%70% 70%54% Always Vulnerable21% Frequently Vulnerable 271-364 days a year6% Regularly Vulnerable 151-270 days a year5% Occasionally Vulnerable 31-150 days a year13% Rarely Vulnerable 30 days or less a year54% 21% 6% 5% 13%
  25. 25. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 25MOST COMMONVULNERABILITIESAT A GLANCEEXPOSURE AND CURRENT DEFENSEPERCENT OF SERIOUS*VULNERABILITIESTHAT HAVE BEEN FIXEDAVERAGE TIMETO FIXPERCENT OF ANALYZEDSITES WITH A SERIOUS*VULNERABILITYAVERAGE NUMBER OFSERIOUS* VULNERABILITIESPER SITE PER YEAR85%61 %71DAYS18Cross-SiteScripting*InformationLeakage*ContentSpoofing*Cross-SiteRequest Forgery*Brute Force*Fingerprinting* URL RedirectorAbuse*30%20%10% 41% 35% 19% 18% 14% 12% 12%TechnologyIndustry ScorecardApril 20135% 64% 10% 9% 11%THE CURRENTSTATE OFWEBSITE SECURITYTOP SEVENVULNERABILITYCLASSESCURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLSUSED BY ORGANIZATIONS*The percent of sites that had at least one example of...*Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIESProgrammers receive instructor led or computer-based software security trainingApplications contain a library or framework that centralizes and enforces security controlsPerform Static Code Analysis on their website(s) underlying applicationsWeb Application Firewall DeployedTransactional / Anti-Fraud Monitoring System Deployed80%100%60%40%20% 48% 52%96%72% 32%5% Always Vulnerable64% Frequently Vulnerable 271-364 days a year10% Regularly Vulnerable 151-270 days a year9% Occasionally Vulnerable 31-150 days a year11% Rarely Vulnerable 30 days or less a year
  26. 26. WEBSITE SECURITY STATISTICS REPORT | MAY 201326SURVEY
  27. 27. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 27
  28. 28. WEBSITE SECURITY STATISTICS REPORT | MAY 201328(Figure 7) (Figure 8)
  29. 29. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 29(Figure 9)
  30. 30. WEBSITE SECURITY STATISTICS REPORT | MAY 201330(Figure 11).(Figure 10)
  31. 31. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 31
  32. 32. WEBSITE SECURITY STATISTICS REPORT | MAY 201332(Figure 14) (Figure 15)
  33. 33. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 33(Figure 16) (Figure 17)(Figure 18)
  34. 34. WEBSITE SECURITY STATISTICS REPORT | MAY 201334(Figure 20)
  35. 35. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 35(Figure 24)(Figure 21) (Figure 22)(Figure 23)
  36. 36. WEBSITE SECURITY STATISTICS REPORT | MAY 201336Figure 25).
  37. 37. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 37
  38. 38. WEBSITE SECURITY STATISTICS REPORT | MAY 201338
  39. 39. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 39Answer:SOFTWAREDEVELOPMENTAnswer:SECURITYDEPARTMENTAnswer:BOARD OF DIRECTORSAnswer:EXECUTIVEMANAGEMENTQuestion:If an organization experiences a website(s) dataor system breach, which part of the organization is heldaccountable and and what is its performance?3rd1St2nd4th4th3rd3rd1st3rd2nd1st2ndAverage Vulnerabilitiesper Site RankingAverage Time to Fix aVulnerability RankingAverage Number ofVulnerabilities Fixed Ranking
  40. 40. WEBSITE SECURITY STATISTICS REPORT | MAY 201340
  41. 41. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 41
  42. 42. WEBSITE SECURITY STATISTICS REPORT | MAY 201342
  43. 43. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 43
  44. 44. WEBSITE SECURITY STATISTICS REPORT | MAY 201344
  45. 45. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 45
  46. 46. WEBSITE SECURITY STATISTICS REPORT | MAY 201346(Figure 37). (Figure 38).(Figure 39). (Figure 40).
  47. 47. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 47RECOMMENDATIONS
  48. 48. WEBSITE SECURITY STATISTICS REPORT | MAY 201348
  49. 49. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 49
  50. 50. WEBSITE SECURITY STATISTICS REPORT | MAY 201350
  51. 51. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 51•••••
  52. 52. WEBSITE SECURITY STATISTICS REPORT | MAY 201352
  53. 53. WEBSITE SECURITY STATISTICS REPORT | MAY 2013 53Top 10 Vulnerability Classes (2011)(Sorted by vulnerability class)Overall Vulnerability Population (2011)Percentage breakdown of all the serious* vulnerabilities discovered(Sorted by vulnerability class)

×