This document summarizes web application security trends from Q1-Q2 2009. Some key findings include:
- 78% of reported vulnerabilities affected web technologies like browsers, servers, and applications.
- SQL injection and cross-site scripting vulnerabilities dominated commercial web applications.
- The top 10 vulnerabilities included issues with phpMyAdmin, SAP, Sun Java, Citrix, Apache Tomcat, and Symantec products.
- Assessments by Cenzic found information leaks, cross-site scripting, authentication flaws, and session management issues to be the most common.