Security Slideshow: Web App Vulnerabilities Emerge as Enterprise Security Threat

By Dennis McCafferty  |  Posted 10-13-2010

80 percent

80 percent is the share of network attacks that target Web-based systems.

4,059

4,059 is the total number of Web application vulnerabilities found for first-half 2010.

790

790 is the number of cross-site scripting vulnerabilities impacting Web applications in first-half 2010.

155

155 is the number of cross-site request forgery vulnerabilities impacting Web applications in first-half 2010.

542

542 is the number of SQL-injection vulnerabilities impacting Web applications in first-half 2010.

385

385 is the number of buffer-overflow vulnerabilities impacting Web applications in first-half 2010.

378

378 is the number of "remote-file include" vulnerabilities impacting Web applications in first-half 2010.

418

418 is the number of denial-of-service vulnerabilities impacting Web applications in first-half 2010.

Known, Un-Patched Vulnerabilities

MS Explorer: June 2010: 6; May 2010: 1

Mozilla Firefox: June 2010: 9; May 2010: 2

Safari/WebKit: June 2010: 20; May 2010: 19

Flash/Shockwave: June 2010: 12; May 2010: 9

199,077

199,077 is the number of HTTP client-side attacks in June 2010, mostly stemming from malicious JavaScript and file-format attacks, up from just under 150,000 in May.

12 million

More than 12 million is the number of HTTP server-side attacks in June, mostly XSS, SQL Injection and PHP RFI, up from just over 9.8 million in May.

28,477

28,477 is the number of SMB attacks in June, up from an estimated 28,200 in May.

82,203

82,203 is the number of JavaScript-based attacks in June, up from about 67,500 in May.
