SlideShare a Scribd company logo

Website security statistics of 2012

Bee_Ware
Bee_Ware

The document summarizes the findings of a study that tested over 5,000 web applications for vulnerabilities. It found that 99% of applications had at least one vulnerability, and 82% had at least one high or critical vulnerability. The most common vulnerability was cross-site scripting (61%). The banking industry had the fewest vulnerabilities while retail had the most. On average, each application contained 35 vulnerabilities.

Technology
1 of 10
Download to read offline
1 Web Application Vulnerability Statistics of 2012
2 Background • iViZ – Cloud based Application Penetration Testing • Zero False Positive Guarantee • Business Logic Testing with 100% WASC (Web Application Security Consortium) class coverage • Funded by IDG Ventures • 30+ Zero Day Vulnerabilities discovered • 10+ Recognitions from Analysts and Industry • 300+ Customers
3 Research Methodology • Application security Data Collection • 300+ Customers • 5,000 + Application Security Tests • 25% Apps from Asia, 40% Apps from USA and 25% from Europe
4 Key Findings • 99% of the Apps tested had at least 1 vulnerability • 82% of the web application had at least 1 High/Critical Vulnerability • 90% of hacking incidents never gets known to public • Very low correlation between Security and Compliance (Correlation Coefficient: 0.2) • Average number of vulnerability per website: 35 • 30% of the hacked organizations knew the vulnerability (for which they got hacked) beforehand • #1 Vulnerability: Cross site scripting (61%) • #1 Secure vertical: Banking • #1 Vulnerable Vertical: Retail
5 Average number of Vulnerabilities
6 Top 5 Application Flaws Percentage of websites containing the “Type of Vulnerability”
7 5 Common Business Logic Flaws • Weak Password recovery • Abusing Discount Logic/Coupons • Denial of Service using Business Logic • Price Manipulation during Transaction • Insufficient Server Side Validation (One Time Password (OTP) bypass)
8 Which are the most vulnerable Industry Verticals? Average number of Vulnerabilities per Application
9 Application Security Posture by Geography Average number of Vulnerability per Application
10 Thank You!! For more Information please visit www.ivizsecurity.com

Recommended

2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trends2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trends
DImension Data
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
London School of Cyber Security
 
42396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D142396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D1
D Larson
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use Policy
Allot Communications
 
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24
 
Mobile Protect Pro - Powered by Zimperium
Mobile Protect Pro - Powered by ZimperiumMobile Protect Pro - Powered by Zimperium
Mobile Protect Pro - Powered by Zimperium
Zimperium
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24
 

Recommended

2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trends2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trends
DImension Data
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
London School of Cyber Security
 
42396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D142396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D1
D Larson
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use Policy
Allot Communications
 
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24
 
Mobile Protect Pro - Powered by Zimperium
Mobile Protect Pro - Powered by ZimperiumMobile Protect Pro - Powered by Zimperium
Mobile Protect Pro - Powered by Zimperium
Zimperium
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24
 
Mobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityMobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested Reality
Zimperium
 
NormShieldBrochure
NormShieldBrochureNormShieldBrochure
NormShieldBrochure
Candan BOLUKBAS
 
Deutsche Telekom Partnering Operating Alliance Summit - Zimperium
Deutsche Telekom Partnering Operating Alliance Summit - ZimperiumDeutsche Telekom Partnering Operating Alliance Summit - Zimperium
Deutsche Telekom Partnering Operating Alliance Summit - Zimperium
Zimperium
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Ulf Mattsson
 
How to Gather Global Mobile Threat Intelligence
How to Gather Global Mobile Threat IntelligenceHow to Gather Global Mobile Threat Intelligence
How to Gather Global Mobile Threat Intelligence
Zimperium
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
SPAN Infotech (India) Pvt Ltd
 
NK Butuan Presentaion
NK Butuan PresentaionNK Butuan Presentaion
NK Butuan Presentaion
Leander Jan Largo
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application Security
Sirius
 
Application Security Trends and Issues
Application Security Trends and IssuesApplication Security Trends and Issues
Application Security Trends and Issues
Dedi Dwianto
 
Are Your IT Systems Secure?
Are Your IT Systems Secure?Are Your IT Systems Secure?
Are Your IT Systems Secure?
Nex-Tech
 
I Vi Z Profile
I Vi Z ProfileI Vi Z Profile
I Vi Z Profile
khushboo
 
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
North Texas Chapter of the ISSA
 
NTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John Whited
North Texas Chapter of the ISSA
 
How to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-ToolsHow to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-Tools
Enterprise Management Associates
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi Scan
Aung Khant
 
HPE Protect 2016 - Fearlessly Innovate
HPE Protect 2016 - Fearlessly InnovateHPE Protect 2016 - Fearlessly Innovate
HPE Protect 2016 - Fearlessly Innovate
scoopnewsgroup
 
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
DevOps Indonesia
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional
Outpost24
 
Effective security monitoring mp 2014
Effective security monitoring mp 2014Effective security monitoring mp 2014
Effective security monitoring mp 2014
Ricardo Resnik
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
Security Innovation
 
To byod or not to byod
To byod or not to byodTo byod or not to byod
To byod or not to byod
Bee_Ware
 
ฟอร มโครงร างโครงงานคอมพ_วเตอร_
ฟอร มโครงร างโครงงานคอมพ_วเตอร_ฟอร มโครงร างโครงงานคอมพ_วเตอร_
ฟอร มโครงร างโครงงานคอมพ_วเตอร_
ชัญญานุช นิลประดับ
 

More Related Content

What's hot

Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Ulf Mattsson
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application Security
Sirius
 
NTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John Whited
North Texas Chapter of the ISSA
 
How to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-ToolsHow to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-Tools
Enterprise Management Associates
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi Scan
Aung Khant
 

What's hot (20)

Mobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityMobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested Reality
 
NormShieldBrochure
NormShieldBrochureNormShieldBrochure
NormShieldBrochure
 
Deutsche Telekom Partnering Operating Alliance Summit - Zimperium
Deutsche Telekom Partnering Operating Alliance Summit - ZimperiumDeutsche Telekom Partnering Operating Alliance Summit - Zimperium
Deutsche Telekom Partnering Operating Alliance Summit - Zimperium
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
 
How to Gather Global Mobile Threat Intelligence
How to Gather Global Mobile Threat IntelligenceHow to Gather Global Mobile Threat Intelligence
How to Gather Global Mobile Threat Intelligence
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
 
NK Butuan Presentaion
NK Butuan PresentaionNK Butuan Presentaion
NK Butuan Presentaion
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application Security
 
Application Security Trends and Issues
Application Security Trends and IssuesApplication Security Trends and Issues
Application Security Trends and Issues
 
Are Your IT Systems Secure?
Are Your IT Systems Secure?Are Your IT Systems Secure?
Are Your IT Systems Secure?
 
I Vi Z Profile
I Vi Z ProfileI Vi Z Profile
I Vi Z Profile
 
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
 
NTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John Whited
 
How to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-ToolsHow to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-Tools
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi Scan
 
HPE Protect 2016 - Fearlessly Innovate
HPE Protect 2016 - Fearlessly InnovateHPE Protect 2016 - Fearlessly Innovate
HPE Protect 2016 - Fearlessly Innovate
 
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional
 
Effective security monitoring mp 2014
Effective security monitoring mp 2014Effective security monitoring mp 2014
Effective security monitoring mp 2014
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
 

Viewers also liked

Feliz dia del padre infor
Feliz dia del padre inforFeliz dia del padre infor
Feliz dia del padre infor
lissalejandra
 
Claudine florence three tools to use in a singing career
Claudine florence three tools to use in a singing careerClaudine florence three tools to use in a singing career
Claudine florence three tools to use in a singing career
claudine7874
 
Всеукраїнський Рух ЗАВТРА
Всеукраїнський Рух ЗАВТРАВсеукраїнський Рух ЗАВТРА
Всеукраїнський Рух ЗАВТРА
mariya776
 
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพรใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
Mark Mad
 
ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”
ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”
ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”
Mark Mad
 
ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”
ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”
ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”
Mark Mad
 
La vida al voltant de la mediterrànea
La vida al voltant de la mediterràneaLa vida al voltant de la mediterrànea
La vida al voltant de la mediterrànea
Kracopayner
 
Technology integration
Technology integrationTechnology integration
Technology integration
briggsad
 

Viewers also liked (20)

To byod or not to byod
To byod or not to byodTo byod or not to byod
To byod or not to byod
 
ฟอร มโครงร างโครงงานคอมพ_วเตอร_
ฟอร มโครงร างโครงงานคอมพ_วเตอร_ฟอร มโครงร างโครงงานคอมพ_วเตอร_
ฟอร มโครงร างโครงงานคอมพ_วเตอร_
 
CTEL: Social Media - strategy
CTEL: Social Media - strategyCTEL: Social Media - strategy
CTEL: Social Media - strategy
 
2013 cost of data breach study - Global analysis
2013 cost of data breach study - Global analysis2013 cost of data breach study - Global analysis
2013 cost of data breach study - Global analysis
 
2013 global encryption trends study
2013 global encryption trends study2013 global encryption trends study
2013 global encryption trends study
 
Feliz dia del padre infor
Feliz dia del padre inforFeliz dia del padre infor
Feliz dia del padre infor
 
NDO
NDONDO
NDO
 
Claudine florence three tools to use in a singing career
Claudine florence three tools to use in a singing careerClaudine florence three tools to use in a singing career
Claudine florence three tools to use in a singing career
 
Всеукраїнський Рух ЗАВТРА
Всеукраїнський Рух ЗАВТРАВсеукраїнський Рух ЗАВТРА
Всеукраїнський Рух ЗАВТРА
 
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพรใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
 
Trias politika
Trias politikaTrias politika
Trias politika
 
Video Production Beginner's Guide
Video Production Beginner's GuideVideo Production Beginner's Guide
Video Production Beginner's Guide
 
Intro
IntroIntro
Intro
 
Moving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authenticationMoving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authentication
 
ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”
ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”
ใบงานที่ 7 เรื่อง โครงงานประเภท “การประยุกต์ใช้งาน”
 
ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”
ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”
ใบงานที่ 6 เรื่อง โครงงานประเภท “การทดลองทฤษฎี”
 
morphometric analysis
morphometric analysismorphometric analysis
morphometric analysis
 
La vida al voltant de la mediterrànea
La vida al voltant de la mediterràneaLa vida al voltant de la mediterrànea
La vida al voltant de la mediterrànea
 
Technology integration
Technology integrationTechnology integration
Technology integration
 
The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising Attacks
 

Similar to Website security statistics of 2012

Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...
Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...
Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...
Denim Group
 
Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident Response
Resilient Systems
 
Application Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh UmmerApplication Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh Ummer
OWASP-Qatar Chapter
 
What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing
TEST Huddle
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 

Similar to Website security statistics of 2012 (20)

FireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent SecurityFireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent Security
 
ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps
ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOpsІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps
ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack Survival
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
Open Source Security for Newbies - Best Practices
Open Source Security for Newbies - Best PracticesOpen Source Security for Newbies - Best Practices
Open Source Security for Newbies - Best Practices
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 
Using 80 20 rule in application security management
Using 80 20 rule in application security managementUsing 80 20 rule in application security management
Using 80 20 rule in application security management
 
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...
Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...
Application Security Assessments by the Numbers - A Whole-istic View - OWASP ...
 
Outpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface management
 
Penetrating Android Aapplications
Penetrating Android AapplicationsPenetrating Android Aapplications
Penetrating Android Aapplications
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident Response
 
Application Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh UmmerApplication Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh Ummer
 
What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 

More from Bee_Ware

Biometrics how far are we prepared to go
Biometrics how far are we prepared to goBiometrics how far are we prepared to go
Biometrics how far are we prepared to go
Bee_Ware
 

More from Bee_Ware (20)

Les francais et la protection des données personnelles
Les francais et la protection des données personnellesLes francais et la protection des données personnelles
Les francais et la protection des données personnelles
 
DDoS threat landscape report
DDoS threat landscape reportDDoS threat landscape report
DDoS threat landscape report
 
Top ten big data security and privacy challenges
Top ten big data security and privacy challengesTop ten big data security and privacy challenges
Top ten big data security and privacy challenges
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Numergy la sécurité des données dans le cloud
Numergy la sécurité des données dans le cloudNumergy la sécurité des données dans le cloud
Numergy la sécurité des données dans le cloud
 
Waf, le bon outil, la bonne administration
Waf, le bon outil, la bonne administration Waf, le bon outil, la bonne administration
Waf, le bon outil, la bonne administration
 
Bonnes pratiques de sécurité - Kaspersky
Bonnes pratiques de sécurité - KasperskyBonnes pratiques de sécurité - Kaspersky
Bonnes pratiques de sécurité - Kaspersky
 
Les entreprises européennes sont elles bien armées pour affronter les cyber a...
Les entreprises européennes sont elles bien armées pour affronter les cyber a...Les entreprises européennes sont elles bien armées pour affronter les cyber a...
Les entreprises européennes sont elles bien armées pour affronter les cyber a...
 
Maitriser la ssi pour les systèmes industriels
Maitriser la ssi pour les systèmes industrielsMaitriser la ssi pour les systèmes industriels
Maitriser la ssi pour les systèmes industriels
 
Kindsight security labs malware report - Q4 2013
Kindsight security labs malware report - Q4 2013Kindsight security labs malware report - Q4 2013
Kindsight security labs malware report - Q4 2013
 
Biometrics how far are we prepared to go
Biometrics how far are we prepared to goBiometrics how far are we prepared to go
Biometrics how far are we prepared to go
 
Managing complexity in IAM
Managing complexity in IAMManaging complexity in IAM
Managing complexity in IAM
 
Websense security prediction 2014
Websense security prediction 2014Websense security prediction 2014
Websense security prediction 2014
 
Les principales failles de sécurité des applications web actuelles
Les principales failles de sécurité des applications web actuellesLes principales failles de sécurité des applications web actuelles
Les principales failles de sécurité des applications web actuelles
 
La sécurité des Si en établissement de santé
La sécurité des Si en établissement de santéLa sécurité des Si en établissement de santé
La sécurité des Si en établissement de santé
 
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesLes 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobiles
 
2013 Mobile Application Security Survey
2013 Mobile Application Security Survey2013 Mobile Application Security Survey
2013 Mobile Application Security Survey
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
 
Guide de mise en oeuvre d'une authentification forte avec une cps
Guide de mise en oeuvre d'une authentification forte avec une cpsGuide de mise en oeuvre d'une authentification forte avec une cps
Guide de mise en oeuvre d'une authentification forte avec une cps
 
Clusif le role de l'organisation humaine dans la ssi 2013
Clusif le role de l'organisation humaine dans la ssi 2013Clusif le role de l'organisation humaine dans la ssi 2013
Clusif le role de l'organisation humaine dans la ssi 2013
 

Recently uploaded

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 

Recently uploaded (20)

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Website security statistics of 2012

  • 2. 2 Background • iViZ – Cloud based Application Penetration Testing • Zero False Positive Guarantee • Business Logic Testing with 100% WASC (Web Application Security Consortium) class coverage • Funded by IDG Ventures • 30+ Zero Day Vulnerabilities discovered • 10+ Recognitions from Analysts and Industry • 300+ Customers
  • 3. 3 Research Methodology • Application security Data Collection • 300+ Customers • 5,000 + Application Security Tests • 25% Apps from Asia, 40% Apps from USA and 25% from Europe
  • 4. 4 Key Findings • 99% of the Apps tested had at least 1 vulnerability • 82% of the web application had at least 1 High/Critical Vulnerability • 90% of hacking incidents never gets known to public • Very low correlation between Security and Compliance (Correlation Coefficient: 0.2) • Average number of vulnerability per website: 35 • 30% of the hacked organizations knew the vulnerability (for which they got hacked) beforehand • #1 Vulnerability: Cross site scripting (61%) • #1 Secure vertical: Banking • #1 Vulnerable Vertical: Retail
  • 5. 5 Average number of Vulnerabilities
  • 6. 6 Top 5 Application Flaws Percentage of websites containing the “Type of Vulnerability”
  • 7. 7 5 Common Business Logic Flaws • Weak Password recovery • Abusing Discount Logic/Coupons • Denial of Service using Business Logic • Price Manipulation during Transaction • Insufficient Server Side Validation (One Time Password (OTP) bypass)
  • 8. 8 Which are the most vulnerable Industry Verticals? Average number of Vulnerabilities per Application
  • 9. 9 Application Security Posture by Geography Average number of Vulnerability per Application
  • 10. 10 Thank You!! For more Information please visit www.ivizsecurity.com