Top 10 lists are usually good fun, if sometimes a bit frivolous. Our list of the top 10 application vulnerabilities is intended to raise awareness in a lighthearted way, although the risks from these vulnerabilities are a little scary.
To create our list, we analyzed 300,000 static and dynamic application assessments and billions of lines of code over 18 months. From this analysis, we determined the top 10 "scariest" vulnerabilities based on prevalence. It may surprise you which types of vulnerabilities top the list. For example, SQL injection and Cross-Site Scripting grab lots of media attention as the culprits of many high-profile breaches, but they're not as high on the list as you might expect.
The infographic below shows the top 10 vulnerabilities and also offers short explanations of the coding defects that cause these vulnerabilities, their consequences and cures. Download the infographic as a PDF by clicking on the image. And check out the latest State of Software Security report for a deep-dive into the numbers and our analysis of the biggest risks to software security today.