[WEB SECURITY] WASC Web Application Security Statistics Project

Sergey V. Gordeychik gordey at ptsecurity.ru
Wed May 14 13:41:39 EDT 2008


WASC is looking for more contributors to its "Web Application Security
Statistics" project. This initiative is a collaborative industry wide
effort to pool together sanitized website vulnerability data and gain a
better understanding about the web application vulnerability landscape.
We're ascertaining which classes of attack are the most prevalent
regardless of the methodology used to identify them.

Industry statistics such as those compiled by Mitre CVE project provide
valuable insight into the types of vulnerabilities discovered in open
source and commercial applications, this project seeks to be the
equivalent for custom web applications.

Goals:
1. Identify the prevalence and probability of different vulnerability
classes (WASC TOP 10)
2. Compare testing methodologies against what types of vulnerabilities
they are likely to identify.

If you represent an organization that performs vulnerability assessments
on websites, particular in those in custom web applications, through a
manual or automated process and would like to participate please let us
know. Once statistics are compiled, a report will be distributed, and
all contributors will receive a logo on the project pages as well as on
other deliverables in appreciate of their contribution.

Web Application Security Statistics
http://www.webappsec.org/projects/statistics/

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list