CENZIC ENTERPRISE APPLICATION SECURITY Web Application Security Trends Report
Q1-Q2, 2009
Proprietary Notice
The information in this document is the property of Cenzic, Inc. and cannot be reproduced or
redistributed for commercial purposes without prior written consent from Cenzic, Inc., except as
specified below.
We encourage you to share this report with others via linking or attribution. Information can also
be used in any articles (online or print), whitepapers, or journals when cited with the following
attribution: Source: Cenzic Web Application Security Trends Report – Q1-Q2, 2009, Cenzic Inc.
© Copyright 2009 Cenzic, Inc.
www.cenzic.com
(866) 4-CENZIC (866-423-6942)
Company Confidential
Cenzic®, Hailstorm® and ClickToSecure® are registered trademarks of Cenzic, Inc.
The Cenzic logo, Hailstorm Enterprise ARC, and GovShield are trademarks of Cenzic, Inc.
© 2009 Cenzic, Inc. All rights reserved.
Table of Contents
Contributors
Executive Summary
General Observations
Top 10 Vulnerabilities of Q1-Q2 2009
Vulnerabilities in Web Applications
Vulnerability Breakdown for Q1-Q2 2009
Web Browser Vulnerabilities
I