"The takeaway is that researchers are paying a lot more attention to
web vulnerabilities, and if companies don't want to get caught up in
that, then they need to pay attention to those flaws," said Steven
Christey, the security researcher that authored the draft report and
the CVE Editor for The MITRE Corp., a nonprofit government contractor.
The jump in web-based vulnerabilities is fueled by the
simplicity of exploiting many of the most common web vulnerabilities,
the enormous number of web applications freely available, and the
difficulty in eradicating cross-site scripting flaws.
" – TheRegister
TheRegister Link http://www.theregister.co.uk/2006/09/18/web_vulnerabilties/
Blog Link (With additional links and charts):
http://jeremiahgrossman.blogspot.com/2006/09/web-app-vulnw-take-over-top-spots.html
