Last updated 2017-08-10

Vulnerabilities & Attacks

Learn about web vulnerabilities and common attacks

VULNERABILITY LIKELIHOOD BY CLASS (2016 report)

Vulnerabilities fall into different “classes”, or categories, that have unique attributes. For example, Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.

XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. Source: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

The Percent Likelihood seen in the graph reflects how likely it is that a site will have a specific class of vulnerability. This is calculated based on the number of sites that have at least one open vulnerability in a given class compared to the total number of active sites under the WhiteHat Sentinel service. To learn more about all of these vulnerabilities, visit http://projects.webappsec.org/f/WASC-TC-v2_0.pdf
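The XSS flaw described above, user input placed in generated output without encoding, shown beside its encoded form. This is an added example, not code from the original page; the function names, the search-page template and the sample inputs are constructed for illustration.

```javascript
// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode user-controlled text for HTML body and quoted-attribute contexts.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the query is copied into the page exactly as the user sent it.
function renderSearchUnsafe(query) {
  return `<p>Results for ${query}</p><input name="q" value="${query}">`;
}

// Hardened: same template, but every interpolated value is encoded first.
function renderSearchSafe(query) {
  const q = encodeHtml(query);
  return `<p>Results for ${q}</p><input name="q" value="${q}">`;
}

// Constructed sample inputs: one carries markup, one tries to close the attribute.
const SAMPLES = ["<script>alert(1)</script>", '" onfocus="x'];

// Render each sample both ways so the difference can be compared side by side.
function compareRenderings(samples) {
  return samples.map((input) => ({
    input,
    unsafe: renderSearchUnsafe(input),
    safe: renderSearchSafe(input),
  }));
}

for (const row of compareRenderings(SAMPLES)) {
  console.log("input :", row.input);
  console.log("unsafe:", row.unsafe);
  console.log("safe  :", row.safe);
}
```

The encoder covers HTML text and quoted attribute values only; values written into script blocks, URLs or CSS need the encoding for that context.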

INSUFFICIENT TRANSPORT LAYER PROTECTION 63%

INFORMATION LEAKAGE 51%

CROSS SITE SCRIPTING 48%

CONTENT SPOOFING 24%

BRUTE FORCE 24%

CROSS SITE REQUEST FORGERY 21%

PREDICTABLE RESOURCE LOCATION 18%

IMPROPER INPUT HANDLING 17%

URL REDIRECTOR ABUSE 15%

SESSION FIXATION 11%

INSUFFICIENT AUTHORIZATION 11%

INSUFFICIENT PASSWORD RECOVERY 8%

DIRECTORY INDEXING 8%

ABUSE OF FUNCTIONALITY 7%

SQL INJECTION 6%

Learn more on https://info.whitehatsec.com/rs/675-YBI-674/images/WH-2016-Stats-Report-FINAL.pdf