The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are...
Jeremiah grossman has posted the results of his "Web Application Security Professionals Survey (July 2008)". They are also available in ZIP format.
An anonymous user writes "The results are in and the people have spoken! Our goal was to capture the thoughts of the crowd and boy did it ever! T he 59 respondents shared their battleground views of web application security and in doing so presented interesting persp ectives and great insights of...
"Flaws in Web applications boosted the bug counts for 2006 by more than a third over the previous year, according to data obtained by SecurityFocus from the four major vulnerability databases. On Monday, the Computer Emergency Response Team (CERT) Coordination Center released its final tally of the number of flaws the organization...
"This monthly survey has become a really fun project. It's receiving great reviews and right when you think you know something, the answers to a couple questions reveal something unexpected. That's what we're really going for here. Exposing various aspects of web application security we previously didn't know, understand, or fully appreciate....
Jeremiah grossman sent out a survey a few weeks ago to the application security industry and he has posted the results on his site. "73% of those performing web application vulnerability assessments are not using or rarely using commercial scanner products. It's hard to say if this is good/bad/increasing/decreasing or otherwise. Certainly...
The riffraff of the web application security space Jeremiah Grossman has polled a bunch of application security professionals and published the results on his site. "Two weeks ago I sent out an informal email survey to several dozen people I know in the web application security professional services business. People from large...
