Cert/CC Statistics shows that 7120 Software Vulnerabilities were
Reported in 2006
· 194 SQL Injection Vulnerabilities were found on BugTraq
between 2005-jan and 2005-June
· Symantec highlights in its most recent Internet Security Threat
Report that Web vulnerabilities constituted 69 percent of 2,249
new vulnerabilities identified for the first half of 2006, with 78
percent of "easily exploitable" vulnerabilities residing within Web
applications.
· Directory Traversal is the 2nd most common attack on the
internet as of the 2nd half of 2005
· Roughly 63% of the Web application vulnerabilities can be
accounted for by 4 vulnerability classes: file inclusion, SQL
injection, cross-site scripting, and directory traversal