WEBSITE SECURITY STATISTICS REPORT | MAY 2013 1
WEBSITE SECURITY
STATISTICS REPORT
MAY 2013
INTRODUCTION
WhiteHat Security’s Website Security Statistics Report provides a one-of-a-kind perspective on the state of
website security and the issues that organizations must address in order to conduct business online safely.
Website security is an ever-moving target. New website launches are common, new code is released
constantly, new Web technologies are created and adopted every day; as a result, new attack techniques are
frequently disclosed that can put every online business at risk. In order to stay protected, enterprises must
receive timely information about how they can most efficiently defend their websites, gain visibility into the
performance of their security programs, and learn how they compare with their industry peers. Obtaining
these insights is crucial in order to stay ahead and truly improve enterprise website security.
To help, WhiteHat Security has been publishing its Website Security Statistics Report since 2006. This report
is the only one that focuses exclusively on unknown vulnerabilities in custom Web applications, code that
is unique to an organization, and found in real-world websites. The underlying data is hundreds of terabytes
in size, comprises vulnerability assessment results from tens of thousands of websites across hundreds of the
most well-known organizations, and collectively represents the largest and most accurate picture of website
security available. Inside this report is information about the most prevalent vulnerabilities, how many get
fixed, how long the fixes can take on average, and how every application security program may measurably
improve. The report is organized by industry, and is accompanied by WhiteHat Security’s expert analysis and
recommendations.
Through its Software-as-a-Service (SaaS) offering, WhiteHat Sentinel, WhiteHat Security is uniquely positioned
to deliver the depth of knowledge that organizations require to protect their brands, attain compliance, and
avert costly breaches.
ABOUT WHITEHAT SECURITY
Founded in 2001 and headquartered in Santa Clara, California, WhiteHat Security provides end-to-end
solutions for Web security. The company’s cloud website vulnerability management platform and leading
security engineers turn verified security intelligence into actionable insights for customers. Through a
combination of core products and strategic partnerships, WhiteHat Security provides complete Web security
at a scale and accuracy unmatched in the industry. WhiteHat Sentinel, the company’s flagship product line,
currently manages more than 15,000 websites – including sites in the most regulated industries, such as top
e-commerce, financial services and healthcare companies.
EXECUTIVE SUMMARY
KEY FINDINGS
AT A GLANCE:
THE CURRENT STATE OF WEBSITE SECURITY
MOST COMMON VULNERABILITIES
[Chart: vulnerability classes: Cross-Site Scripting, Information Leakage, Content Spoofing, Cross-Site Request Forgery, Brute Force, Insufficient Transport Layer Protection, Insufficient Authorization, SQL injection, Other. Values shown: 43%, 11%, 7%, 12%, 13%.]
C-level executives, managers, and software developers often ask their security teams, “How are
we doing? Are we safe, are we secure?” The real thing they may be asking for is a sense of how
the organization’s current security posture compares to their peers or competitors. They want
to know if the organization is leading, falling way behind, or is somewhere in between with
respect to their security posture. The answers to that question are extremely helpful for progress
tracking and goal setting.
What many do not first consider is that some organizations (or particular websites) are ‘targets
of opportunity,’ while others are ‘targets of choice.’ Targets of opportunity are breached when
their security posture is weaker than the average organization (in their industry) – and they get
unlucky in the total pool of potential victims. Targets of choice possess some type of unique
and valuable information, or perhaps a reputation or brand that is particularly attractive to a
motivated attacker. The attackers know precisely whom – or what – they want to penetrate.
Here’s the thing: since ‘100% security’ is an unrealistic goal – mostly because it is flatly
impossible, and the attempt is prohibitively expensive and for many completely unnecessary
– it is imperative for every organization to determine if they most likely represent a target of
opportunity or choice. In doing so an organization may establish and measure against a “secure
enough” bar.
If an organization is a target of opportunity, a goal of being just above average with respect to
website security among peers is reasonable. The bad guy will generally prefer to attack weaker,
and therefore easier to breach, targets. On the other hand, if an organization is a target of
choice, that organization must elevate its website security posture to a point where an attacker’s
efforts are detectable, preventable, and in case of a compromise, survivable. This is due to the
fact that an adversary will spend whatever time is necessary looking for gaps in the defenses to
exploit.
Whether an organization is a target of choice or a target of opportunity, the following Industry
Scorecards have been prepared to help each organization visualize how its security posture
compares to that of its peers (provided it knows its own internal metrics, of course).
INDUSTRY SCORECARDS
Banking Industry Scorecard, April 2013

AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
[Chart. Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year. Values shown: 81%, 54%, 107 days, 11.]

MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
[Chart. Classes: Cross-Site Scripting*, Information Leakage*, Content Spoofing*, Cross-Site Request Forgery*, Brute Force*, Fingerprinting*, Insufficient Authorization*. Values shown: 26%, 21%, 9%, 9%, 8%, 8%, 5%.]
*The percent of sites that had at least one example of...

EXPOSURE AND CURRENT DEFENSE

DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
24% Always Vulnerable
33% Frequently Vulnerable (271-364 days a year)
9% Regularly Vulnerable (151-270 days a year)
11% Occasionally Vulnerable (31-150 days a year)
Rarely Vulnerable (30 days or less a year)
[Chart segment labels: 24%, 33%, 9%, 11%, 24%.]

CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
[Chart. Behaviors and controls: Programmers receive instructor led or computer-based software security training; Applications contain a library or framework that centralizes and enforces security controls; Perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall Deployed; Transactional / Anti-Fraud Monitoring System Deployed. Values shown: 57%, 29%, 57%, 29%, 71%.]

*Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.
Financial Services Industry Scorecard

AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
[Chart. Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year. Values shown: 81%, 67%, 226 days, 50.]

MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
[Chart. Classes: Cross-Site Scripting*, Information Leakage*, Content Spoofing*, SQL Injection*, Cross-Site Request Forgery*, Brute Force*, Directory Indexing*. Values shown: 31%, 25%, 12%, 9%, 8%, 7%, 7%.]

EXPOSURE AND CURRENT DEFENSE

DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
28% Always Vulnerable
38% Frequently Vulnerable (271-364 days a year)
10% Regularly Vulnerable (151-270 days a year)
10% Occasionally Vulnerable (31-150 days a year)
23% Rarely Vulnerable (30 days or less a year)
[Chart segment labels: 28%, 28%, 10%, 10%, 23%.]

CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
[Chart. Behaviors and controls: Programmers receive instructor led or computer-based software security training; Applications contain a library or framework that centralizes and enforces security controls; Perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall Deployed; Transactional / Anti-Fraud Monitoring System Deployed. Values shown: 64%, 70%, 50%, 50%, 40%.]
Healthcare Industry Scorecard, April 2013

AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
[Chart. Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year. Values shown: 90%, 53%, 276 days, 22.]

MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
[Chart. Classes: Cross-Site Scripting*, Information Leakage*, Content Spoofing*, Brute Force*, Insufficient Transport Layer Protection*, Cross-Site Request Forgery*, Session Fixation*. Values shown: 40%, 29%, 22%, 13%, 12%, 10%, 9%.]

EXPOSURE AND CURRENT DEFENSE

DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
48% Always Vulnerable
22% Frequently Vulnerable (271-364 days a year)
12% Regularly Vulnerable (151-270 days a year)
7% Occasionally Vulnerable (31-150 days a year)
10% Rarely Vulnerable (30 days or less a year)
[Chart segment labels: 49%, 22%, 12%, 7%, 10%.]

CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
[Chart. Behaviors and controls: Programmers receive instructor led or computer-based software security training; Applications contain a library or framework that centralizes and enforces security controls; Perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall Deployed; Transactional / Anti-Fraud Monitoring System Deployed. Values shown: 67%, 67%, 83%, 50%, 34%.]
Retail Industry Scorecard, April 2013

AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
[Chart. Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year. Values shown: 91%, 54%, 224 days, 106.]

MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
[Chart. Classes: Cross-Site Scripting*, Information Leakage*, Content Spoofing*, Brute Force*, SQL Injection*, Cross-Site Request Forgery*, Directory Indexing*. Values shown: 31%, 25%, 12%, 9%, 8%, 7%, 7%.]

EXPOSURE AND CURRENT DEFENSE

DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
54% Always Vulnerable
21% Frequently Vulnerable (271-364 days a year)
6% Regularly Vulnerable (151-270 days a year)
5% Occasionally Vulnerable (31-150 days a year)
13% Rarely Vulnerable (30 days or less a year)
[Chart segment labels: 54%, 21%, 6%, 5%, 13%.]

CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
[Chart. Behaviors and controls: Programmers receive instructor led or computer-based software security training; Applications contain a library or framework that centralizes and enforces security controls; Perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall Deployed; Transactional / Anti-Fraud Monitoring System Deployed. Values shown: 73%, 60%, 90%, 70%, 70%.]
Technology Industry Scorecard, April 2013

AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
[Chart. Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year. Values shown: 85%, 61%, 71 days, 18.]

MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
[Chart. Classes: Cross-Site Scripting*, Information Leakage*, Content Spoofing*, Cross-Site Request Forgery*, Brute Force*, Fingerprinting*, URL Redirector Abuse*. Values shown: 41%, 35%, 19%, 18%, 14%, 12%, 12%.]

EXPOSURE AND CURRENT DEFENSE

DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
5% Always Vulnerable
64% Frequently Vulnerable (271-364 days a year)
10% Regularly Vulnerable (151-270 days a year)
9% Occasionally Vulnerable (31-150 days a year)
11% Rarely Vulnerable (30 days or less a year)
[Chart segment labels: 5%, 64%, 10%, 9%, 11%.]

CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
[Chart. Behaviors and controls: Programmers receive instructor led or computer-based software security training; Applications contain a library or framework that centralizes and enforces security controls; Perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall Deployed; Transactional / Anti-Fraud Monitoring System Deployed. Values shown: 48%, 52%, 96%, 72%, 32%.]
SURVEY
Question: If an organization experiences a website(s) data or system breach, which part of the organization is held accountable and what is its performance?

Answer: SOFTWARE DEVELOPMENT
Answer: SECURITY DEPARTMENT
Answer: BOARD OF DIRECTORS
Answer: EXECUTIVE MANAGEMENT

[Chart. Rankings: Average Vulnerabilities per Site Ranking; Average Time to Fix a Vulnerability Ranking; Average Number of Vulnerabilities Fixed Ranking. Values shown: 3rd, 1st, 2nd, 4th, 4th, 3rd, 3rd, 1st, 3rd, 2nd, 1st, 2nd.]
RECOMMENDATIONS
Top 10 Vulnerability Classes (2011)
(Sorted by vulnerability class)
Overall Vulnerability Population (2011)
Percentage breakdown of all the serious* vulnerabilities discovered
(Sorted by vulnerability class)

2 factor authentication beyond password : enforce advanced security with au...
 

More from Jeremiah Grossman

All these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterAll these vulnerabilities, rarely matter
All these vulnerabilities, rarely matter
Jeremiah Grossman
 
How to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorHow to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare Sector
Jeremiah Grossman
 
The Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryThe Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare Industry
Jeremiah Grossman
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensExploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Jeremiah Grossman
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
Jeremiah Grossman
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
Jeremiah Grossman
 
Next Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers GuideNext Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers Guide
Jeremiah Grossman
 
Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?
Jeremiah Grossman
 
Ransomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to KnowRansomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to Know
Jeremiah Grossman
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
Jeremiah Grossman
 
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Jeremiah Grossman
 
No More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security GuaranteesNo More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security Guarantees
Jeremiah Grossman
 
WhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report ExplainedWhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report Explained
Jeremiah Grossman
 
Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
Jeremiah Grossman
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012
Jeremiah Grossman
 
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Jeremiah Grossman
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)
Jeremiah Grossman
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)
Jeremiah Grossman
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
Jeremiah Grossman
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"
Jeremiah Grossman
 

More from Jeremiah Grossman (20)

All these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterAll these vulnerabilities, rarely matter
All these vulnerabilities, rarely matter
 
How to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorHow to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare Sector
 
The Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryThe Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare Industry
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensExploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
 
Next Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers GuideNext Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers Guide
 
Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?
 
Ransomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to KnowRansomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to Know
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
 
No More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security GuaranteesNo More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security Guarantees
 
WhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report ExplainedWhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report Explained
 
Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012
 
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"
 

Recently uploaded

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 

Recently uploaded (20)

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 

WhiteHat Security Website Statistics [Full Report] (2013)

  • 1. WEBSITE SECURITY STATISTICS REPORT | MAY 2013
  • 2. INTRODUCTION

    WhiteHat Security’s Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address in order to conduct business online safely.

    Website security is an ever-moving target. New website launches are common, new code is released constantly, new Web technologies are created and adopted every day; as a result, new attack techniques are frequently disclosed that can put every online business at risk. In order to stay protected, enterprises must receive timely information about how they can most efficiently defend their websites, gain visibility into the performance of their security programs, and learn how they compare with their industry peers. Obtaining these insights is crucial in order to stay ahead and truly improve enterprise website security.

    To help, WhiteHat Security has been publishing its Website Security Statistics Report since 2006. This report is the only one that focuses exclusively on unknown vulnerabilities in custom Web applications, code that is unique to an organization, and found in real-world websites. The underlying data is hundreds of terabytes in size, comprises vulnerability assessment results from tens of thousands of websites across hundreds of the most well-known organizations, and collectively represents the largest and most accurate picture of website security available. Inside this report is information about the most prevalent vulnerabilities, how many get fixed, how long the fixes can take on average, and how every application security program may measurably improve. The report is organized by industry, and is accompanied by WhiteHat Security’s expert analysis and recommendations.

    Through its Software-as-a-Service (SaaS) offering, WhiteHat Sentinel, WhiteHat Security is uniquely positioned to deliver the depth of knowledge that organizations require to protect their brands, attain compliance, and avert costly breaches.

    ABOUT WHITEHAT SECURITY

    Founded in 2001 and headquartered in Santa Clara, California, WhiteHat Security provides end-to-end solutions for Web security. The company’s cloud website vulnerability management platform and leading security engineers turn verified security intelligence into actionable insights for customers. Through a combination of core products and strategic partnerships, WhiteHat Security provides complete Web security at a scale and accuracy unmatched in the industry. WhiteHat Sentinel, the company’s flagship product line, currently manages more than 15,000 websites – including sites in the most regulated industries, such as top e-commerce, financial services and healthcare companies.
  • 3. EXECUTIVE SUMMARY
  • 7. KEY FINDINGS
  • 9. AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY [chart by year; values not recoverable]
  • 15. MOST COMMON VULNERABILITIES
  • 19. [Chart. Legend: Cross-Site Scripting, Information Leakage, Content Spoofing, Cross-Site Request Forgery, Brute Force, Insufficient Transport Layer Protection, Insufficient Authorization, SQL Injection, Other. Values shown: 43%, 11%, 7%, 12%, 13%; pairing of values with classes is not preserved.]
  • 20. INDUSTRY SCORECARDS

    C-level executives, managers, and software developers often ask their security teams, “How are we doing? Are we safe, are we secure?” The real thing they may be asking for is a sense of how the organization’s current security posture compares to that of its peers or competitors. They want to know if the organization is leading, falling way behind, or is somewhere in between with respect to its security posture. The answers to that question are extremely helpful for progress tracking and goal setting.

    What many do not first consider is that some organizations (or particular websites) are ‘targets of opportunity,’ while others are ‘targets of choice.’ Targets of opportunity are breached when their security posture is weaker than the average organization (in their industry) – and they get unlucky in the total pool of potential victims. Targets of choice possess some type of unique and valuable information, or perhaps a reputation or brand that is particularly attractive to a motivated attacker. The attackers know precisely whom – or what – they want to penetrate.

    Here’s the thing: since ‘100% security’ is an unrealistic goal – mostly because it is flatly impossible, and the attempt is prohibitively expensive and for many completely unnecessary – it is imperative for every organization to determine if they most likely represent a target of opportunity or choice. In doing so an organization may establish and measure against a “secure enough” bar. If an organization is a target of opportunity, a goal of being just above average with respect to website security among peers is reasonable. The bad guy will generally prefer to attack weaker, and therefore easier to breach, targets. On the other hand, if an organization is a target of choice, that organization must elevate its website security posture to a point where an attacker’s efforts are detectable, preventable, and in case of a compromise, survivable. This is due to the fact that an adversary will spend whatever time is necessary looking for gaps in the defenses to exploit.

    Whether an organization is a target of choice or a target of opportunity, the following Industry Scorecards have been prepared to help organizations visualize how their security posture compares to that of their peers (provided they know their own internal metrics, of course).
  • 21. Banking Industry Scorecard, April 2013

    AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
    Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year
    Values, in slide order (pairing with the metrics above is not preserved): 81%, 54%, 107 days, 11

    MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
    (The percent of sites that had at least one example of each class.)
    Classes: Cross-Site Scripting, Information Leakage, Content Spoofing, Cross-Site Request Forgery, Brute Force, Fingerprinting, Insufficient Authorization
    Values, in slide order (pairing with the classes above is not preserved): 26%, 21%, 9%, 9%, 8%, 8%, 5%

    EXPOSURE AND CURRENT DEFENSE

    DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
    Always Vulnerable: 24%
    Frequently Vulnerable (271-364 days a year): 33%
    Regularly Vulnerable (151-270 days a year): 9%
    Occasionally Vulnerable (31-150 days a year): 11%
    Rarely Vulnerable (30 days or less a year): no value in the legend
    Chart values, in slide order: 24%, 33%, 9%, 11%, 24%

    CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
    Controls: programmers receive instructor-led or computer-based software security training; applications contain a library or framework that centralizes and enforces security controls; perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall deployed; Transactional / Anti-Fraud Monitoring System deployed
    Values, in slide order (pairing with the controls above is not preserved): 57%, 29%, 57%, 29%, 71%

    *Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.
  • 22. Financial Services Industry Scorecard

    AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
    Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year
    Values, in slide order (pairing with the metrics above is not preserved): 81%, 67%, 226 days, 50

    MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
    (The percent of sites that had at least one example of each class.)
    Classes: Cross-Site Scripting, Information Leakage, Content Spoofing, SQL Injection, Cross-Site Request Forgery, Brute Force, Directory Indexing
    Values, in slide order (pairing with the classes above is not preserved): 31%, 25%, 12%, 9%, 8%, 7%, 7%

    EXPOSURE AND CURRENT DEFENSE

    DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
    Always Vulnerable: 28%
    Frequently Vulnerable (271-364 days a year): 38%
    Regularly Vulnerable (151-270 days a year): 10%
    Occasionally Vulnerable (31-150 days a year): 10%
    Rarely Vulnerable (30 days or less a year): 23%
    Chart values, in slide order: 28%, 28%, 10%, 10%, 23%

    CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
    Controls: programmers receive instructor-led or computer-based software security training; applications contain a library or framework that centralizes and enforces security controls; perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall deployed; Transactional / Anti-Fraud Monitoring System deployed
    Values, in slide order (pairing with the controls above is not preserved): 64%, 70%, 50%, 50%, 40%

    *Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.
  • 23. Healthcare Industry Scorecard, April 2013

    AT A GLANCE: THE CURRENT STATE OF WEBSITE SECURITY
    Metrics: percent of serious* vulnerabilities that have been fixed; average time to fix; percent of analyzed sites with a serious* vulnerability; average number of serious* vulnerabilities per site per year
    Values, in slide order (pairing with the metrics above is not preserved): 90%, 53%, 276 days, 22

    MOST COMMON VULNERABILITIES: TOP SEVEN VULNERABILITY CLASSES
    (The percent of sites that had at least one example of each class.)
    Classes: Cross Site Scripting, Information Leakage, Content Spoofing, Brute Force, Insufficient Transport Layer Protection, Cross Site Request Forgery, Session Fixation
    Values, in slide order (pairing with the classes above is not preserved): 40%, 29%, 22%, 13%, 12%, 10%, 9%

    EXPOSURE AND CURRENT DEFENSE

    DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
    Always Vulnerable: 48%
    Frequently Vulnerable (271-364 days a year): 22%
    Regularly Vulnerable (151-270 days a year): 12%
    Occasionally Vulnerable (31-150 days a year): 7%
    Rarely Vulnerable (30 days or less a year): 10%
    Chart values, in slide order: 49%, 22%, 12%, 7%, 10%

    CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
    Controls: programmers receive instructor-led or computer-based software security training; applications contain a library or framework that centralizes and enforces security controls; perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall deployed; Transactional / Anti-Fraud Monitoring System deployed
    Values, in slide order (pairing with the controls above is not preserved): 67%, 67%, 83%, 50%, 34%

    *Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.
  • 24. Retail Industry Scorecard, April 2013
      THE CURRENT STATE OF WEBSITE SECURITY
      - Percent of analyzed sites with a serious* vulnerability: 91%
      - Percent of serious* vulnerabilities that have been fixed: 54%
      - Average time to fix: 224 days
      - Average number of serious* vulnerabilities per site per year: 106
      MOST COMMON VULNERABILITIES AT A GLANCE: TOP SEVEN VULNERABILITY CLASSES (the percent of sites that had at least one example of...)
      - Classes shown: Cross Site Scripting, Information Leakage, Content Spoofing, Brute Force, SQL Injection, Cross Site Request Forgery, Directory Indexing
      - Percentages shown: 31%, 25%, 12%, 9%, 8%, 7%, 7%
      EXPOSURE AND CURRENT DEFENSE: DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
      - Always Vulnerable: 54%
      - Frequently Vulnerable (271-364 days a year): 21%
      - Regularly Vulnerable (151-270 days a year): 6%
      - Occasionally Vulnerable (31-150 days a year): 5%
      - Rarely Vulnerable (30 days or less a year): 13%
      CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
      - Items shown: Programmers receive instructor led or computer-based software security training; Applications contain a library or framework that centralizes and enforces security controls; Perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall Deployed; Transactional / Anti-Fraud Monitoring System Deployed
      - Percentages shown: 73%, 60%, 90%, 70%, 70%
      *Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.
  • 25. Technology Industry Scorecard, April 2013
      THE CURRENT STATE OF WEBSITE SECURITY
      - Percent of analyzed sites with a serious* vulnerability: 85%
      - Percent of serious* vulnerabilities that have been fixed: 61%
      - Average time to fix: 71 days
      - Average number of serious* vulnerabilities per site per year: 18
      MOST COMMON VULNERABILITIES AT A GLANCE: TOP SEVEN VULNERABILITY CLASSES (the percent of sites that had at least one example of...)
      - Classes shown: Cross-Site Scripting, Information Leakage, Content Spoofing, Cross-Site Request Forgery, Brute Force, Fingerprinting, URL Redirector Abuse
      - Percentages shown: 41%, 35%, 19%, 18%, 14%, 12%, 12%
      EXPOSURE AND CURRENT DEFENSE: DAYS OVER A YEAR THAT A SITE IS EXPOSED TO SERIOUS* VULNERABILITIES
      - Always Vulnerable: 5%
      - Frequently Vulnerable (271-364 days a year): 64%
      - Regularly Vulnerable (151-270 days a year): 10%
      - Occasionally Vulnerable (31-150 days a year): 9%
      - Rarely Vulnerable (30 days or less a year): 11%
      CURRENT APPLICATION SECURITY BEHAVIORS AND CONTROLS USED BY ORGANIZATIONS
      - Items shown: Programmers receive instructor led or computer-based software security training; Applications contain a library or framework that centralizes and enforces security controls; Perform Static Code Analysis on their website(s) underlying applications; Web Application Firewall Deployed; Transactional / Anti-Fraud Monitoring System Deployed
      - Percentages shown: 48%, 52%, 96%, 72%, 32%
      *Serious vulnerabilities are defined as those in which an attacker could take control over all, or a part, of a website, compromise user accounts, access sensitive data or violate compliance requirements.
  • 26. SURVEY
  • 28. (Figure 7) (Figure 8)
  • 29. (Figure 9)
  • 30. (Figure 11). (Figure 10)
  • 32. (Figure 14) (Figure 15)
  • 33. (Figure 16) (Figure 17) (Figure 18)
  • 34. (Figure 20)
  • 35. (Figure 24) (Figure 21) (Figure 22) (Figure 23)
  • 36. (Figure 25).
  • 39. Question: If an organization experiences a website(s) data or system breach, which part of the organization is held accountable and what is its performance?
      - Answers shown: SOFTWARE DEVELOPMENT; SECURITY DEPARTMENT; BOARD OF DIRECTORS; EXECUTIVE MANAGEMENT
      - Rankings shown: Average Vulnerabilities per Site Ranking; Average Time to Fix a Vulnerability Ranking; Average Number of Vulnerabilities Fixed Ranking
      - Rank values shown: 3rd, 1st, 2nd, 4th, 4th, 3rd, 3rd, 1st, 3rd, 2nd, 1st, 2nd
  • 46. (Figure 37). (Figure 38). (Figure 39). (Figure 40).
  • 47. RECOMMENDATIONS
  • 53. Top 10 Vulnerability Classes (2011) (Sorted by vulnerability class). Overall Vulnerability Population (2011): Percentage breakdown of all the serious* vulnerabilities discovered (Sorted by vulnerability class).