From time to time, it is useful for a consulting company like us to stop, look back and think about what has been done in the last few years. This is important because:
- the company can identify the categories where internal skills need to be improved;
- the company is able to know in advance which areas are more flawed for specific customers.
For this reason, we collected all our reports from 2010 until 2012 and performed a statistical analysis that, in conjunction with other contributors' results, will help the new OWASP Top Ten to better fit these times and to keep track of differences from previous versions.
We started the analysis by splitting vulnerabilities in two main categories:
We started the analysis by splitting vulnerabilities in two main categories:
- Web Application Penetration Test (WAPT)
- Secure Code Review (SCR).
SCR vulnerabilities percentage |
WAPT vulnerabilities percentage |
We think this can help to understand how the results presented from the OWASP Top Ten 2013 were obtained. Also it is an overview of what we find during our consulting assessments.
Finally, to give more expressiveness to these data, here are them according to their testing category (as described in the OWASP Tesing Guide) in order to know which areas are more vulnerable:
SCR areas of analysis percentage |
WAPT areas of analysis percentage |
No comments :
Post a Comment