Cenzic: Top 10 Security Threats. Web Apps And Browser Lead The List.

80% of security vulnerabilities related to the Web are applications, according to a new report from Cenzic, Inc. Chief among the vulnerable? Browsers, with Microsoft's Internet Explorer and Mozilla's Firefox leading the list b a long shot.Reading bMighty with a browser? Of course you are -- and if you're using either IE or Firefox, of course you know that you're using vulnerable technology.

A new security trends report from Cenzic, Inc. found that in the second half of 2008. IE had the most reported vulnerabilities, with 43%. Firefox fans can't throw too many stones, though: according to Cenzic, Firefox came in a close second with 39% of reported browser vulnerabilities. Apple's Safari drew 10% of the reports, while Opera accounted for 9%.

But browsers are nothing compared to Web apps. A breathtaking 80% of vulnerabilities resorted in the second half of 2008 involved Web-based applications.

Overall numbers were up, too, by 10%, to 2,835 reported vulnerabilities.

The vulnerability assessment and risk management company's Top Vulnerabilities List includes the following Web application areas of concern:

* SQL Disclosure * Forceful Browsing Past Authorization Boundary * Insufficient Password Strength * Cross-Site Scripting * Buffer Overflow * Command Injection * SQL Parser * All Forms Submitted via SSL

That list should give you, your IT team and vendors plenty of pause (and plenty of matters to address/redress while you pause) -- and the presence of weak passwords as a major vulnerability (no surprise there, of course) should send your strong password policy memo into circulation again, now. The entire Cenzic Web Applications Security Trends Report Q3-Q4 2008 can be downloaded here.