pf » Web Application Vulnerabilities trump Buffer Overflows

November 02, 2006

Web Application Vulnerabilities trump Buffer Overflows

web

This should be an eye opener to many. In September Mitre reported that web application vulnerabilities are claiming the top three spots on their CVE request list, beating out Buffer Overflows.

  1. Cross Site Scripting (21.5%)
  2. SQL Injection (14%)
  3. PHP includes (9.5%)
  4. Buffer overflows (7.9%)

Mike Sutton wanted to know just how prevalent are SQL Injection Vulnerabilities? So he ran a little test, and found that out of 1000 web sites 11.3% of them were vulnerable!

I also heard this from Mike Andrews in his How to Break Web Software talk. He says that the number of buffer overflow vulnerabilities have been going down over the years as more people are aware of them, and there are lots of automated tools for finding them. But the number of web application vulnerabilities has been sky rocketing.

Buffer Overflows were first talked about in the 1970's by the NSA, and they are still somewhat of a problem - do you think we will still be talking about Cross Site Scripting and SQL Injection in 30 years?


cfobjective pre-conf training
| Add Comment | add to del.icio.us | Tags: , , , ,

Related Entries
3 people found this page useful, what do you think?

WAF for CF
Trackbacks
Trackback Address: 593/756179CBBD605120C70685F8408F11F6
Comments
On 11/03/2006 at 10:45:59 AM EST sofakingdabest1 wrote:
1
HTML should be abandoned and replaced with something else. What else? The programmers will figure it out.

Post a Comment



  



Spell Checker by Foundeo

Recent Entries




Subscribe to my RSS Feed: solosub RSS
Tags