THE CENZIC BLOG
November 10, 2009

Web Application Security Trends Report: Q1-Q2 2009

Read the latest Web application security trends from January – June 2009

Want to read about the latest trends and stats in the Web application security world? Then look no further – we’ve just issued our latest report for the first half of 2009.

You can read all the gooey details in the report, but here are some key findings worth highlighting:  

  • Sun Java, PHP, and Apache continue to be among the Top 10 vendors having the most severe vulnerabilities for the first half of 2009
  • 78% of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, plugins and ActiveX, which is a significant increase from earlier in the year.
  • Of the browser vulnerabilities, the biggest surprise was Firefox, which had 44% more vulnerabilities than the other browsers. Another surprise was Safari, which usually contains few vulnerabilities but came in at 35%, significantly higher than Internet Explorer (15%).
  • Based on the vulnerabilities found using Cenzic’s managed service – ClickToSecure – Information Leaks, XSS, Authentication / Authorization and Session Management flaws continue to dominate
  • The majority of assessments completed by Cenzic had a high HARM score, highlighting the continuing risk and exposure faced by organizations

Happy reading!

by
Erin Swanson
Eswanson@cenzic.com

Comments

RE: Web Application Security Trends Report: Q1-Q2 2009

Source of browser vulnerability report
What are your sources for the browser vulnerabilities?