WhiteHat Security has released a detailed report on the prevalence of website vulnerabilities and the effect training and best practices have on website security. The average number of serious vulnerabilities per website has dropped from 79 in 2011 to 56 in 2012 – “serious” being defined as “those in which an attacker could take control over all, or some part, of the website, compromise user accounts on the system, access sensitive data, violate compliance requirements, and possibly make headline news.” During the testing, 86% of all websites had at least one serious vulnerability. So it’s getting better, but…ouch.
On a happier note, SQL injection is no longer one of the top ten vulnerabilities.