There are now over 800 million sites hosted on the Internet. That number could possibly be multiplied or divided by the golden ratio, but either way, the scale of web sites is big. And with 'big' we also get vulnerabilities: a recently published survey report by WhiteHat Security indicates that 86% of those surveyed had at least one web site vulnerability in 2012, with the average number of vulnerabilities per web site being 56. Whilst 56 vulnerabilities per web site may appear large, it is a number that is trending lower, down from well over 1000 in 2006, and even the prior year of the report (2011) recorded 79.
Of the sites that experienced vulnerabilities, the top three vulnerability classes were:
1. Information leakage – 55% of web sites
2. Cross-Site Scripting – 53% of web sites
3. Content Spoofing – 33% of web sites.
The interesting statistic from an education perspective was that 57% of those in the survey pool provided some instructor-led or computer-based software security training, and the payback was 40% fewer vulnerabilities with 59% faster resolution.