Q1 2007 Application Security Trends Report

To: webappsec@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Q1 2007 Application Security Trends Report
From: "Tom Stracener" <strace@xxxxxxxxx>
Date: Tue, 22 May 2007 12:23:10 -0700
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Acb+H+6ilfF0tnkwfwOqSG+jvmWZRdaSf/JaCYrqxjuv+9tbpHf7ipKcuSBQeoumZ7EOTTmO10wMdouTVbmcjCJgYknhKrKxQc+/5dtewJ38Hfnu/f26ha1Tm3lWu778cPZvx8SbadG+8kLe+NDCdysX+w9CFdYL5Sx1bJWCitU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=JKRe31izQ7ia+Rh1iSep3vx7WR8gSul05TSDQZAIzvN8Zu5T7UEy+UB9Xsv2u60ufkrN7ApzZepujl+ljCHxDC0sKd54PGOzOhlqjey60L9FBE5bmgUwymLEiE+SwfSZQBb3Ut51OGa0bl6PEg1ENEL5uU4SYAfO61Kvh9Q0KGc=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Cenzic's CIA Labs has recently finished up its Q1 2007 Application
Security Trends Report. The full report is available at the URL below:

http://www.cenzic.com/pdfs/CZ_AppSecTrnds_Rev4.pdf

You can read my blog post about the Trend Report below:

http://secureweb.typepad.com/secure_web/2007/05/q1_2007_applica.html

We examined vulnerability data for the period, attack and probe data
from SANS ISC and DShield, and highlighted important application
security events that occured during the Q1 2007 time-frame.
Additionally we drew upon data from Cenzic's ClickToSecure service to
point to the types of vulnerabilities we found to be most common in
the wild.

I hope our readers enjoy this report as much as we enjoyed putting it together.

Best Regards,

Tom Stracener
Sr. Security Analyst
Cenzic Inc.

Prev by Date: [security bulletin] HPSBUX02217 SSRT071337 rev.1 - HP-UX running Kerberos, Remote Arbitrary Code Execution
Next by Date: [ GLSA 200705-18 ] PPTPD: Denial of Service attack
Previous by thread: [security bulletin] HPSBUX02217 SSRT071337 rev.1 - HP-UX running Kerberos, Remote Arbitrary Code Execution
Next by thread: [ GLSA 200705-18 ] PPTPD: Denial of Service attack
Index(es):
- Date
- Thread