Web Development – one day we’ll get it right
Web App Offense
A few tools and tricks can find and correct web app vulnerabilities.
So, I just checked – from January 1, 2010, to October 9, 2011, 8,917 Common Vulnerabilities and Exposures (CVEs) were issued. Of these, 873 were related to cross-site scripting (XSS), which is just a hair under 10 percent. Of the remaining webrelated vulnerabilities, cross-site request forgery (CSRF) [1], file source disclosure (whereby PHP contents are shown as text rather than a rendered web page), and so on were well represented. But over time, things are getting better, right?Not really; out of 51,353 total CVEs 6,580 are related to XSS, and if you plot the bugs over time, a generally upwardtrending curve appears.
So, how does one go about fixing this situation? The good news is that some excellent resources are freely available. The bad news is that people don’t seem to be using them.
Buy this article as PDF
(incl. VAT)