[WEB SECURITY] Totals of web security's evolution in 2008
mustlive at websecurity.com.ua
Tue Jan 13 16:58:09 EST 2009
Hello participants of Mailing List.
For last time there were a lot of security predictions for new 2009 year
(I'll do my own soon ;-)), but there was no security totals of last year,
especially in web security field. At the least I didn't see such news.
So here is my totals of web security's evolution in 2008
(http://websecurity.com.ua/2788/). I made such totals last year and made it
1. Though in 2007 there were more security projects, but nevertheless in
2008 I made some interesting projects: Day of bugs in Google Chrome
(http://websecurity.com.ua/2406/), Day of bugs in browsers
(http://websecurity.com.ua/2453/), Day of bugs in browsers 2
2. New phase of browsers wars has begun with release of Google Chrome, which
showed together with his innovations, also multiple vulnerabilities.
3. XSS vulnerabilities spread yet more and again became most widespread
vulnerabilities in web applications.
4. There was an increase of hackers' activity. Particularly in Uanet an
increase of hackers' activity (http://websecurity.com.ua/2320/) at 200% in
first half year of 2008 in comparison with similar period of 2007 (and as
my additional data shows, which I'll publish soon, this index is more
5. Fishing became more widespread and new technique of fishing attacks has
appeared with using of Flash (http://websecurity.com.ua/2450/).
6. Attacks with using of Insufficient Anti-automation vulnerabilities
spread. Particularly attacks at captcha of popular webmail systems.
7. There was an increase of attacks on social networks.
8. New web worms were appeared, particularly Facebook Worm.
9. There was an increase of numbers of web pages infected by viruses.
Including in Uanet, where I often discovered infected web sites.
Best wishes & regards,
Administrator of Websecurity web site
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
More information about the websecurity