Q1 2007 Application Security Trends Report
- To: webappsec@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Q1 2007 Application Security Trends Report
- From: "Tom Stracener" <strace@xxxxxxxxx>
- Date: Tue, 22 May 2007 12:23:10 -0700
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Acb+H+6ilfF0tnkwfwOqSG+jvmWZRdaSf/JaCYrqxjuv+9tbpHf7ipKcuSBQeoumZ7EOTTmO10wMdouTVbmcjCJgYknhKrKxQc+/5dtewJ38Hfnu/f26ha1Tm3lWu778cPZvx8SbadG+8kLe+NDCdysX+w9CFdYL5Sx1bJWCitU=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=JKRe31izQ7ia+Rh1iSep3vx7WR8gSul05TSDQZAIzvN8Zu5T7UEy+UB9Xsv2u60ufkrN7ApzZepujl+ljCHxDC0sKd54PGOzOhlqjey60L9FBE5bmgUwymLEiE+SwfSZQBb3Ut51OGa0bl6PEg1ENEL5uU4SYAfO61Kvh9Q0KGc=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Cenzic's CIA Labs has recently finished up its Q1 2007 Application
Security Trends Report. The full report is available at the URL below:
http://www.cenzic.com/pdfs/CZ_AppSecTrnds_Rev4.pdf
You can read my blog post about the Trend Report below:
http://secureweb.typepad.com/secure_web/2007/05/q1_2007_applica.html
We examined vulnerability data for the period, attack and probe data
from SANS ISC and DShield, and highlighted important application
security events that occured during the Q1 2007 time-frame.
Additionally we drew upon data from Cenzic's ClickToSecure service to
point to the types of vulnerabilities we found to be most common in
the wild.
I hope our readers enjoy this report as much as we enjoyed putting it together.
Best Regards,
Tom Stracener
Sr. Security Analyst
Cenzic Inc.