WhiteHat’s 12th Website Security Statistics Report represents far and away the largest amount of data we’ve ever
Within this report we are very excited by the introduction of two new industries, Energy and Non-Profit. Historically,
KEY FINDINGS IN 2011
1. The average number of serious* vulnerabilities found per website per year was 79, a significant reduction from 230 in 2010 and down from 1,111 in 2007.
2. Cross-Site Scripting reclaimed its title as the most prevalent website vulnerability, identified in 55% of websites.
3. Web Application Firewalls could have helped mitigate the risk of at least 71% of all custom Web application vulnerabilities identified.
4. There was notable improvement across all verticals, but Banking websites had the fewest security issues of any industry, with an average of 17 serious* vulnerabilities identified per website.
5. Serious* vulnerabilities were fixed in an average of 38 days or faster, a vast improvement over the 116 days it took during 2010.
6. The overall percentage of serious* vulnerabilities that were fixed was 63%, up from 53% in 2010, and a marked improvement from 2007 when it was just 35%. That is roughly a 7% average improvement per year over each of the last four years.
7. The higher a vulnerability's severity, the more likely it is to reopen. Urgent: 23%, Critical: 22%, High: 15%.
8. The average number of days a website was exposed to at least one serious* vulnerability improved slightly to 231 days in 2011, from 233 days in 2010.