Assurance - Jan Tudor - May 2013
Over the past three years Context has gathered statistics from a range of IT security activities and consultancy engagements. One of the most common activities performed during this period has been web application penetration testing. This whitepaper will provide a unique insight into the state of web application security, presenting penetration test analysis drawn from a dataset containing nearly 12,000 confirmed vulnerabilities, found in almost 900 pre-release and production web applications during the period between January 2010 and December 2012.
This dataset has been generated using the output from manually-guided penetration tests, not automated vulnerability scanners. The fact that all vulnerabilities have been identified and confirmed manually means the dataset provides a credible and high-quality resource that can be used to review the current state of web application security.
In this whitepaper we present analysis of the previous 3 years' application penetration issues, along with predictions for 2013.