I had a long talk with Jeremiah Grossman about the study his company put out last month on web site vulnerabilities. One of the items that stood out for me was his analysis of the top 15 web site vulnerabilities.
Looking closely at the first six, it’s a little disturbing to see that 5 out of those 6 are things that have been known for years, if not a decade or more. What is it going to take to finally get a handle on cross-site scripting? Information leakage… still?