2Q report by IBM X-Force, 23% of websites vulnerable.

CSRF, or cross-site request forgery, is the most likely method of attack.

Broken authentication is second.

And cross-site scripting (XSS) is third.

SQL injection as well as security misconfigurations are also higher than 10% of the vulnerability types.



The IBM report on the X-Force blog recounts the challenges a web application scanner faces in deciding when and what to scan.


One has to be careful about how production systems are scanned. If the scan is not done well, a vulnerability may not be exposed, or the production system may suffer ill effects.


We are aware of this in our product offerings.

Scan Solutions at Oversitesentry