Internet security by numbers

For the collectors and slide producers among you:

SANS Cyber Security Survey 2009
The survey found that Web server-side applications are the target of more than 60% of all Internet attacks and that “Web application vulnerabilities such as SQL injection and cross-site scripting flaws in open source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most Web site owners fail to scan effectively for the common flaw.”

(See Making Sense of the SANS “Top Cyber Security Risks” Report at The New School of Information Security for a critique of the report.)

X-Report von IBM 2009
According to the report, criminals are leveraging insecure Web applications to target users of legitimate Web sites. These attacks intended to steal and manipulate data and take command and control of infected computers. The report states that SQL injection attacks rose 50 percent from Q4 2008 to Q1 2009 and then nearly doubled from Q1 to Q2.

Sophos Security Threat 2009
23,500 new infected webpages are discovered every day. That’s one every 3.6 seconds, four times worse than in 2007.