It's not every week that we release two infographics! Our latest is a year-end look at the state of application security. Over the years the growth of the internet and its users has been exponential and shows no sign of slowing down. As one might expect, we've also seen a rise in breaches, hacks and other incidents relating to appsec.

Application: A computer program with an interface, enabling people to use the computer as a tool to accomplish a specific task.

App Sec: Application Security. The use of software, hardware, and procedural methods to protect applications from external threats.

Big Picture


  • Total # of Incidents: 1094 v 2200 (to November 20, 2012)
  • % growth of attacks coming from outside the company: 51% v 74%
  • Largest Breach Comparison: Sony 77 Million users v Zappos 24 Million
  • Of all data loss % related to AppSec: 2011: 29% (317 incidents) vs. 2012: 60% (1320 incidents)
  • There have been about 738,839,688 records breached since 2005, which is equivalent to the population of all of the Americas (North, Central, and South) with the exception of 78% of Brazil (by last census)


Methods of Attack


  • 26% - Cross-Site Scripting
  • 34.1% - SQL Injection
  • 7.4% - Brute Force
  • 3.7% - Cross-Site Request Forgery
  • 11.8% - Denial of Service
  • 17% - Other


Cross-Site Scripting (XSS): The process of adding malicious code to a website that can execute in a user's browser

SQL Injection: When a coding flaw is exploited to embed malicious code producing a query that can access otherwise inaccessible data

3 of the Biggest SQLI Attacks in 2012


3. #Projectwhitefox

  • Hackers gained access to 31 targets including NASA, the FBI, the Pentagon, and numerous other educational and governmental organizations.
  • 1.6 million records affected
  • Accessed names, email addresses, home addresses, passwords, the SQL injection vulnerable links, and more items which were posted on the internet.



2. LinkedIn

  • Russian Hacker "dwdm" accessed and leaked millions of passwords.
  • 6.5 million records affected
  • "On a scale of A through F, experts say, LinkedIn, eHarmony, and would get, at best, a 'D' for password security" - New York Times



1. Gamigo

About Neil DuPaul

Neil manages the blog pipeline at Veracode, often by fending off eager contributors with a stick. He manages much of the Veracode web presence while also motivating the more introspective Veracoders to be social. Lover of sports and outdoors, and a SERP enthusiast, hit him up on Twitter here.
