Cross Site Scripting: Attackers' New Favorite Flaw

For years buffer overflow has been the favorite target of online attackers, but no more: Cross site scripting is now the biggest culprit. That's the scoop from Mitre Corp., which later this week will release its latest findings about the flaws behind publicly disclosed vulnerabilities.

The number two favorite flaw is SQL injection, says Robert Martin, lead for compatibility and outreach at Mitre, who first discussed the new data at yesterday's Cyber Security Executive Conference in New York. The number of buffer overflow flaws exploited dropped to number three in 2005 and number four so far this year, according to Mitre. Dark Reading - Application and Perimeter Security - Cross-Site Scripting: Attackers' New Favorite Flaw - Security News Analysis

Linked by shanmuga Saturday, 16th September 2006 7:52AM