The number of software vulnerabilities detected has risen to the point that almost 9 out of 10 Web applications have flaws that could lead to the exposure of sensitive information. Cenzic's "Web Application Security Trends Report Q1-Q2, 2009" report, released on Monday, says that more than 3,100 vulnerabilities were identified in the first half of the year, 10% more than the number identified in the second half of 2008.

Of the vulnerability total, 78% were Web application vulnerabilities, lower than in the second half of 2008 but higher than in the first half of last year. The SANS Institute's Top Cyber Security Risks report, released in September, found that over 60% of attack attempts on the Internet target Web applications.

Ninety percent of the Web application vulnerabilities were in commercial Web apps and 8% were the browsers that run Web apps, Cenzic's report says.

Cenzic says that SQL Injection and Cross Site Scripting vulnerabilities played a role in 25% and 17% of all Web attacks respectively. Cenzic's report claims that 87% of the analyzed Web applications "had serious vulnerabilities that could potentially lead to the exposure of sensitive or confidential user information during transactions."

Read the whole story at http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=221600880