I had a long talk with Jeremiah Grossman about the study his company put out last month on web site vulnerabilities. One of the items that stood out for me was his analysis of the top 15 web site vulnerabilities.
Looking closely at the first six, it’s a little disturbing to see that 5 out of those 6 are things that have been known for years, if not at least a decade. What is it going to take to finally get a handle on cross-site scripting? Information leakage… still?
Take a look at the full report: Website Security Statistics Report from WhiteHat Security. You can hear what Jeremiah has to say about the report in an abridged recording of our interview a few days after the report came out.