Cenzic Web Application Security Trends Report Reveals 90 Percent of Web Applications Vulnerable, Adobe One of the Most Vulnerable

Cenzic Inc., a provider of Web application security solutions, released its report revealing the most prominent types of Web application vulnerabilities for the second half of 2009. The report, which regularly gauges insecurities on the Web, finds that slow progress is being made to increase awareness, but commonly used applications are still ridden with flaws. Specifically, the report identified more than 2,165 total vulnerabilities in commercial applications, which is 82 percent of the total published vulnerabilities of 2,650.

Overall, the most common published exploits on Web applications continue to be SQL Injection and Cross Site Scripting (XSS) vulnerabilities, which account for 19 percent and 16 percent of all Web attacks, respectively. Attacks on several Adobe applications, including Flash, ColdFusion and Reader, led the report and earned Adobe the name "The Year’s Most Hacked Software." Among Web browsers, Mozilla Firefox had the largest percentage of Web vulnerabilities at 44 percent; however, Mozilla also had the most fixes, with only 12 percent of its vulnerabilities left unpatched. Microsoft Internet Explorer, named the second most vulnerable browser with 25 percent of all browser vulnerabilities, showed 36 percent were unpatched.

"Time after time, year after year, we see SQL Injection, XSS, information leaks, and session management as the most commonly used Web attacks, and it is mind boggling to see that more than 90 percent of Web applications continue to be vulnerable," said Mandeep Khera, chief marketing officer at Cenzic. "The solutions are available. Organizations that would like to protect themselves no longer need dedicated IT staff or experts. With managed service offerings and the launch of Cenzic’s ClickToSecure Cloud application, it’s very easy to get a jump start and begin securing Web applications. We have to overcome this insanity."

Findings from Cenzic’s Q3-Q4 2009 Trends Report point to the continued growth of attacks through Web applications. Web vulnerabilities continue to make up the largest percentage of the reported vulnerability volume, with roughly 82 percent of all vulnerabilities resulting from the Web.

Cenzic Application Security Trends Report Q3-Q4 2009 Findings

The report, which illustrates trends among thousands of corporations, financial institutions and government agencies, incorporates findings from Cenzic ClickToSecure, Cenzic’s leading-edge managed security assessment (SaaS), and research from Cenzic Intelligent Analysis (CIA) Labs. Some of the key findings include:

  • 82 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX, which is a significant increase from earlier in the year.
  • Of Web browser vulnerabilities, Firefox had the largest percentage, at 44 percent, but the browser also had the best patch ratio. Internet Explorer vulnerabilities came in at 25 percent.
  • Adobe, Sun and HP continue to be among the Top 10 vendors having the most severe vulnerabilities for the second half of 2009.

To download a PDF version of the Q3-Q4 2009 Trend Report, please visit:

For a hard copy of the full report you can also visit Cenzic at the RSA Conference in San Francisco from March 1st through March 5th, at booth 2624.

[March 2, 2010]
